So if you have two apps on the same device they both share the same UDID and the same APNS token.
Whilst on the surface this may seem like a huge security issue it is not as bad as it seems, because in order to send push notifications to a device you must have the correct APNS .p12 certificate generated by Apple for the app AND the app must be installed on that device.
I would see the UDID's as more of a security breach given the fact that many developers are still using the now depreciated udid to interface with web services.
On a similar note, If you are developing an app and need to have a unique identifier you should be using Secure UDID or something similar https://github.com/crashlytics/secureudid and if you're sending data to you're own webservice, don't just use SSL, use encryption such SHA to prevent mitm sniffing of your data - Both iOS and Android both allow installation of root CA certs which is amazing for developing and sniffing API's but dangerous if your writing webservices and ONLY relying on SSL and no other encryption.
As an app developer, does this give me some benefit over just generating and saving a random UUID on first launch?