[gyardley]

Interesting. Based off of the FAQ, the only thing that keeps developers from sharing their users' SecureUDID with other developers and/or SDK-based companies seems to be their own discretion - turning over the domain and salt unlocks the keys.

There's also, as far as I can see, nothing to stop a company with a SDK from including this code in their SDK and tracking across every application that uses it. If I was still running an iOS analytics company, I'd be pretty tempted by this in the post-UDID era.

Well intentioned, I'm sure, but to me this looks like a great tool for continuing business as usual. I'm no expert, though - please let me know if I missed something.