Didn't know about that, thanks! Curious why they invented their own system (maybe jailbreaking was still a problem, because people knew about it).
But yes, a strong account system is the best way to go. For a company this mature, it should be feasible to require phone number/email/payment authentication for new users prior to providing services.
Apple removed access to the UDID because it was being used to target advertising and correlate users across different publishers -- basically privacy issues. For a while there was a slew of third party solutions which involved hashes of MAC addresses. Some time thereafter Apple created IDFV and the companion, IDFA (For Advertiser) and really cracked down on cross-vendor correlation.
But yes, a strong account system is the best way to go. For a company this mature, it should be feasible to require phone number/email/payment authentication for new users prior to providing services.