What is to stop an attacker from creating a separate app with the bundle identifier of my app (minus the last component and with a fake last component), distributing it to users, then stealing the identifierForVendor?
On Android there is this concept of ANDROID_ID that is shared across apps based on app signing key, which is much harder to steal and can be used for multiple apps on a team. On IOS the equivalent of sharing app signing key is to be in the same app group. Are there any plans to have an identifier that is shared across app groups?
