[Kallikrates]

Could be via other apps using ubers native sdk writing to a common key store. ala Google sharing auth between apps on iOS.

[azinman2]

Such key stores are wiped on erase. They more likely used the wifi MAC address.

[Kallikrates]

Keychain used to persist data and are shared, this was a very recent change in iOS to "fix"

[azinman2]

It can be backed up to iCloud but in the context of scammers they're likely not using the same iCloud over and over.

[eecks]

Is it against the rules to track via the mac address?

[Kallikrates]

The wifi Mac address is obscured from native code

[azinman2]

Didn't used to be and it's unclear what the exact timing is of this code.

[orbitur]

Apple made the standard API return garbage in iOS 6, and the API would probably trigger an analysis error iTC, so if they were getting the MAC address it was via much sneakier means.

[babuskov]

Can't one simply change the MAC address like you can do on PC?

[azinman2]

Maybe if you're jail broken? But if you're not then no way.

I believe I tried long long ago on iOS and couldn't get it to work, but I don't know if I'm remembering correctly.