MAC addresses are arguably more stable and about as easily user-modified (e.g. device tokens are wildly insecure in the presence of jailbroken devices). So: yes. And for the exact same reasons, you should never use it.

I could claim client-side certificates, but nobody uses those, and certainly not cross-platform.