Apologies, I'm conflating two slightly different things there.
There's the identifierForVendor [0] which is unique to the publisher. This is pretty safe to use however you see fit (within reason).
Then there's the advertisingIdentifier [1], which is not unique, but can easily be permanently zeroed out by the user. Apple also have some fairly stringent rules about how it can be used [2], not to mention further rules about not identifying people surreptitiously [3]:
> 5.1.2 Data Use and Sharing
> (iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way.
They ask you to explicitly confirm that you're following the advertising identifier rules in particular every single time you submit to the App Store.
Cannot these restrictions be lifted if you write that the user agrees to sharing all of their data for any purposes somewhere between the lines of a 20-page Privacy Policy?
I imagine Apple has the final word on how to define the word surreptitiously. I would like to think Apple could interpret somewhere in 20 page privacy policy is surreptitious.
There's the identifierForVendor [0] which is unique to the publisher. This is pretty safe to use however you see fit (within reason).
Then there's the advertisingIdentifier [1], which is not unique, but can easily be permanently zeroed out by the user. Apple also have some fairly stringent rules about how it can be used [2], not to mention further rules about not identifying people surreptitiously [3]:
> 5.1.2 Data Use and Sharing
> (iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way.
They ask you to explicitly confirm that you're following the advertising identifier rules in particular every single time you submit to the App Store.
[0] https://developer.apple.com/documentation/uikit/uidevice/162...
[1] https://developer.apple.com/documentation/adsupport/asidenti...
[2] https://support.appsflyer.com/hc/en-us/articles/207032086-Ap...
[3] https://developer.apple.com/app-store/review/guidelines/#dat...