That said, it does pose an interesting question as to what Apple could have done to prevent this eventuality. One possibility would have been not to expose a global device ID to developers, but instead to generate a per-app (or maybe per-developer-key) ID. That would have made such a leak extremely difficult, and would have isolated the damage to whatever vulnerabilities were present in a single app.
You're right that these developers would have made something broken regardless of whether this problem existed, but Apple should try not to give them enough rope to hang themselves. What's fascinating is that "globally visible unique identifier" turns out to be just enough rope.
You're right that these developers would have made something broken regardless of whether this problem existed, but Apple should try not to give them enough rope to hang themselves. What's fascinating is that "globally visible unique identifier" turns out to be just enough rope.