App Scoped UserIds
This is an unpopular idea, because it would significantly change the developer experience and make cross app tracking of users 'more difficult, but not impossible'.. and also, it would increase security and improve user privacy.
Return only Opaque User Ids. Do not have the UserID returned by the API to be the same one that other user data is indexed by. If you want to take it a step further, make the UserIDs returned to an app, 'app scoped'. What that would mean is if App A, asked for the UserId of user 'Xemdo', the API could return 72078039. If App B asked for the UserId of user 'Xemdo', the API could return 59090389. Both of those IDs refer to the same user with the respective AppID.
This would increase user privacy and make cross app user tracking more difficult, and, it would make de-anonymizing psudo-anonymous data indexed by id... on new Ids impossible.
Edit: Also, apps would have to use their AppId scoped UserID and could no longer use the original UserID for operations.
It makes sense for privacy reasons for sure, it would absolutely wreck solutions that keep track of data depending on existing IDs though, as noted. 🤔 Even allowing a grace period in which we can convert one ID into the other might negate the immediate benefits of doing this. 🤨 I would probably be very unhappy if this change was done with no recourse to re-associate data.