I'm facing a similar problem. Below are my proposed solutions - myself I am about to implement the second one.

First solution:

EDIT: as John Ballinger points out in his comment below, gekitz, author of UIDevice-with-UniqueIdentifier-for-iOS-5 changes its license to MIT :) Thanks John!

If you just need a reliable UDID replacement, try this and please mind its license. You can also search for other solutions on GitHub.

Second solution:

Update to this solution: I've dropped the idea as too many devs are telling me it will violate HIG.

Much more flexible, allows tracking installation campaigns with your affiliates (e.g. by assigning every affiliate a specific "UDID" value you can later check after application is installed and that "UDID" is sent to your servers).

SO users: please let us know if any of below may violate HIG and, in effect, result in a rejected application (especially steps 5, 6 and 7).

1. Prepare a link to a page that executes a script that leaves a cookie which value is unique (e.g. "UDID" generated by your server).
2. User taps that link in Mobile Safari. Script stores cookie and then redirects to iTunes page with your app (e.g. http://itunes.apple.com/us/app/skype/id304878510?mt=8&uo=4).
3. App Store app is launched and shows a page with your application.
4. User installs the app and launches it.
5. On 1st startup: after the splash you show an alert asking user to activate the app (just one button is enough, e.g. 'Activate').
   • Note: you'll need to make sure the alert is still visible when app is put into background and resumed. Also, you need to have
6. User taps 'Activate', your application is quit/suspended and iOS opens Safari and goes to page (e.g. link hardcoded in your app), which reads the cookie value (our "UDID") and launches your app using URL scheme passing that "UDID" value.
   • Note: you need to allow Safari open that link (may require some additional coding, not sure);
   • I believe some page with EULA (for example) must be presented to the user and a button allowing to proceed, so UX is clear to the user (i.e. there is no experience that app leaves to open safari and after a second safari resigns and opens you app).
7. Application starts/resumes, stores the "UDID" and unlocks application allowing to show main UI etc.
8. Now you can use stored "UDID" when generating events to you statistics server etc.
9. You can later update/remove your "UDID" by sharing links (app's URL-scheme links distributed in a newsletter in my case) that will open your app and pass new value.

NOTE: you'll need to cover many edge cases, like starting/resuming app with (or without) URL-scheme or Push Notification etc.

P.S. Going out for a while, but will check your feedback later. Thanks!