Even if you can change it at will?

Yes, even then. If that wasn't the case it would be trivial to circumvent the GDPR, as then basically any pseudonymous data would be considered non-personal. A Google Analytics user ID is also random and can be changed at any time, still the data that Google collects is considered personal.

We aren’t discussing the collection of user data here. The IDFA ad system does not require anything more to function as described.

While in practice some user data is used to make a hash to increase the conversion accuracy, it’s by no means necessary.