Why does iOS get a new identifierForVendor when app updates?

Every time my app is updated from the App Store some small number of the users get a new identifierForVendor for some reason. My users don't sign up or login. They are all anonymous so I need to separate them through their vendor IDs.

I've considered that there could've been insufficient space on some devices, resulting in the app being deleted and reinstalled, but that's not the case since in the last update a friend of mine had over 2GB of empty space.

I know that the identifierForVendor is changed for a user who deletes and reinstalls the app. But that's not the case here, as the app is just updated.

What could the problem be? The weird part is that this hasn't happened for development team devices yet. Or there are still users who haven't experienced this bug after countless app updates, OS updates, etc. This only happens to a small percentage of the users. All users are iOS7+ and it happens for different device models and iOS versions.

I use this code to get their ID:

static let DeviceId = UIDevice.currentDevice().identifierForVendor.UUIDString

Then I save them into NSUserDefaults:

NSUserDefaults.standardUserDefaults().setBool(true, forKey: "User" + DeviceId)
NSUserDefaults.standardUserDefaults().synchronize()

Then I check if the user exists, at every new login:

static func doesUserExist() -> Bool {
    var userDefaultValue: AnyObject? = NSUserDefaults.standardUserDefaults().valueForKey("User" + DeviceId)

    if defaultValue == true {
        println("Userdefaults already has this guy, moving on")
        FirstTime = false
        return true
    } else {
        println("First time in the app!")
        FirstTime = true
        return false
    }
}

If the user does exist it starts the login process. If the user does not exist it shows them the signup process. I am using Parse.com as backend and the deviceID is used as a username. When that small amount of users experience this bug, I see a new username and a new account created.

thank you for the code. it will help solve this problem. however this post is focused more on what the problem might be, instead of a solution.

As mentioned in the comments to this answer: stackoverflow.com/a/21878670/129202 synchronization of keychain using iCloud breaks this.

@Jonny: you could solve that by adding some device information to the key. But for the question here, that is not necessary, as it's only about identifying a user - I doubt there are many users sharing their iCloud ...

If you are using the native security framework when saving to keychain, there is attribute to make a keychain item accessible only to the device. That is, it will not be synced to iTunes or iCloud. You can add to your attributes this value: CFDictionaryAddValue(attributes, kSecAttrAccessible, kSecAttrAccessibleWhenUnlockedThisDeviceOnly)

I am testing in iOS11 and the same identifierForVendor is being returned after I explicitly un-install and re-install the app. I need to wait for a day to see if this persists over longer period of time. (Tested 3 un-installs and re-installs: same ID each time). Occurs both with Side-Load with Xcode managed profile, and ad-hoc builds signed with developer profile. Haven't tested yet with release-signed builds. We actually need a unique identifier for our purposes, so we will resort to using the keychain and UUID instead.