There should be a permissions-based access to it in my opinion. The same way that your current location is allowed to be viewed by the app.
My app (KEYBOX lite) uses UDID to help thwart cheaters who reinstall the lite edition and simply reimport their data from an earlier install. I know I'm the exception and not the rule but if I could ask for the permission to use the device ID in the lite edition I could still do this.