Does the APNS device token ever change, once created?

Apple's official documentation is unclear on this point. What I have observed is this: the token is invariant for a given device, application, and domain (production vs. sandbox). I believe that this must remain true in order for the system to work reliably. Consider the situation where an application update triggers a new APN token; if I were using the greatest new Twitter-like app, with notifications enabled, what would happen when I update my app from iTunes? Should I have the expectation that it will continue to be sent notifications even though I have not run the applications since I "sync" the update onto me device? The act of changing the application cannot affect the APN system since the OS can receive notifications on your behalf even though you haven't run the updated app.

To be clear, Apple states "An application should register [with APN servers] every time it launches and give its provider the current token". I wholeheartedly agree; doing so will protect your application from bad assumptions or unusual situations.

One of the answers to Are push notification tokens unique across all apps for a single device? indicates that device tokens are unique per "operating system install"; and that restoring from backup to a device would maintain the token but wiping a device will cause it to get a new token. This would be entirely consistent with Apple's intentions of seamless operation and privacy: wiping a device is severe enough that perhaps it warrants a new association, but a user restoring an image after an OS update would want to preserve their existing notifications. If I recall the recent iOS5 update on my iPad, I restored the most recent backup after upgrading, so this would have maintained my notification token's consistency. [Edit: restoring a backup to a different device will NOT duplicate the token.]

caveat: I do not have definitive knowledge on the subject, just some reasonable experience working with APN (as a third-party developer). As always, it is best to verify your assumptions.

---

Update (June 2012):

I recently had a chance to a> talk to Apple engineers and b> run some real world tests, and I wanted to present the results:

To be complete, when I talk about returning an APN token, I am assuming the context of a single bundle identifier/application.

First, the Apple engineers said that it should not be possible for two devices to return the same APN. Notwithstanding the comments below, I have not been able to identify a circumstance where this fails.

Second, here is the upgrade test sequence and results:

1. Start with iOS4 installed on iPhone4; backup device in iTunes

2. Upgrade to iOS5
   From a previous test, I know that the APN token is now different

3. Restore the backup to the device
   The APN token is now the same as step 1.

4. Reset iOS (clean device)
   The APN Token changes

5. Backup a different phone to iTunes and restore that backup to test device; basically, I'm restoring the "wrong" backup, as if I were switching phones.
   The APN token changes again; further it is distinct and does not match the tokens either the original token or the "cloned" token.

6. Restore the "correct" backup to the device.
   The APN token is now the same as step 1.

7. Lastly, I upgraded the phone to iOS6 (beta2), restored my backup, and re-tested. As expected, the token continued to match the token in step 1.

At this point, I'm pretty confident that APN tokens can't be duplicated between different devices; perhaps this may have happened as a bug in earlier versions of iOS, but I'm confident that iOS5 (and presumably iOS6) are handling APN tokens correctly.

---

Update (August 2012)

I just realized I had not added this: device tokens will change. One of the Apple devs shared with me that tokens do actually expire (after 2 years, I think). For many purposes, this is long enough that can be thought of as invariant.

[I'm not worried if I have to update my test scripts with new tokens every two years, especially since I change phones every year.]

From [Apple Documentation ApplePushService]2

The form of this phase of token trust ensures that only APNs generates the token which it will later honor, and it can assure itself that a token handed to it by a device is the same token that it previously provisioned for that particular device—and only for that device.

If the user restores backup data to a new device or reinstalls the operating system, the device token changes.

YES, device tokens can change.

Anytime your app receives a token, it should store it. Then, whenever a new token is received (which will happen, eventually), compare the new token to the stored token and, if they are different:

1. Update the device's local storage, (including possibly to nil)
2. Update anything on the device which uses the token to be aware of the new token
3. Update any APIs which are aware of this token to the new token.

As a practical matter, the last step is the most likely to be non-trivial. For example, if you have a service which is sending weather alerts to a device token based on what zip code that device has subscribed to, then you need to pass the old_token and the new_token to said service so it can update delivery.

Ergo, generally speaking 100% of APIs accepting a "device token" must also have some kind of UPDATE facility for that token. To not build for this is to build for mis-delivered and non-delivered notifications.

I've just tested it with iOS9 and APN Push token changes if I reinstall an app.