Apple's official documentation is unclear on this point. What I have observed is this: the token is invariant for a given device, application, and domain (production vs. sandbox). I believe that this must remain true in order for the system to work reliably. Consider the situation where an application update triggers a new APN token; if I were using the greatest new Twitter-like app, with notifications enabled, what would happen when I update my app from iTunes? Should I have the expectation that it will continue to be sent notifications even though I have not run the application since I "synced" the update onto my device? The act of changing the application cannot affect the APN system since the OS can receive notifications on your behalf even though you haven't run the updated app.

To be clear, Apple states "An application should register [with APN servers] every time it launches and give its provider the current token". I wholeheartedly agree; doing so will protect your application from bad assumptions or unusual situations.

One of the answers to "Are push notification tokens unique across all apps for a single device?" indicates that device tokens are unique per "operating system install", and that restoring from backup to a device would maintain the token but wiping a device will cause it to get a new token. This would be entirely consistent with Apple's intentions of seamless operation and privacy: wiping a device is severe enough that perhaps it warrants a new association, but a user restoring an image after an OS update would want to preserve their existing notifications. If I recall the recent iOS5 update on my iPad, I restored the most recent backup after upgrading, so this would have maintained my notification token's consistency. [Edit: restoring a backup to a different device will NOT duplicate the token.]

Caveat: I do not have definitive knowledge on the subject, just some reasonable experience working with APN (as a third-party developer). As always, it is best to verify your assumptions.

Update (June 2012):

I recently had a chance to (a) talk to Apple engineers and (b) run some real-world tests, and I wanted to present the results:

To be complete, when I talk about returning an APN token, I am assuming the context of a single bundle identifier/application.

First, the Apple engineers said that it should not be possible for two devices to return the same APN. Notwithstanding the comments below, I have not been able to identify a circumstance where this fails.

Second, here is the upgrade test sequence and results:

  1. Start with iOS4 installed on iPhone4; back up the device in iTunes

  2. Upgrade to iOS5
    From a previous test, I know that the APN token is now different

  3. Restore the backup to the device
    The APN token is now the same as step 1.

  4. Reset iOS (clean device)
    The APN Token changes

  5. Back up a different phone to iTunes and restore that backup to the test device; basically, I'm restoring the "wrong" backup, as if I were switching phones.
    The APN token changes again; further, it is distinct and does not match either the original token or the "cloned" token.

  6. Restore the "correct" backup to the device.
    The APN token is now the same as step 1.

  7. Lastly, I upgraded the phone to iOS6 (beta2), restored my backup, and re-tested. As expected, the token continued to match the token in step 1.

At this point, I'm pretty confident that APN tokens can't be duplicated between different devices; perhaps this may have happened as a bug in earlier versions of iOS, but I'm confident that iOS5 (and presumably iOS6) are handling APN tokens correctly.

Update (August 2012)

I just realized I had not added this: device tokens will change. One of the Apple devs shared with me that tokens do actually expire (after 2 years, I think). For many purposes, this is long enough that it can be thought of as invariant.

[I'm not worried if I have to update my test scripts with new tokens every two years, especially since I change phones every year.]
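
The following is an added example, not part of the original answer and not Apple's code: a provider-side registry that accepts the token on every launch and copes with the changes described above (reset, "wrong" backup, expiry). The class, the `install_id` the app is assumed to generate, and the hex encoding of the token are all hypothetical choices.

```python
from dataclasses import dataclass, field

ENVIRONMENTS = ("production", "sandbox")  # the two APN domains named above


@dataclass
class TokenRegistry:
    """Hypothetical provider-side store, keyed the way the answer describes:
    one token per (install, bundle identifier, domain)."""
    by_install: dict = field(default_factory=dict)  # (install, bundle, env) -> token
    by_token: dict = field(default_factory=dict)    # (token, bundle, env) -> install

    def register(self, install_id, bundle_id, environment, token_hex):
        """Call on every app launch with the token the OS just returned.
        Returns 'unchanged', 'new', 'rotated' or 'reassigned'."""
        if environment not in ENVIRONMENTS:
            raise ValueError("unknown APN environment")
        token = token_hex.strip().lower()
        if not token:
            raise ValueError("empty token")
        bytes.fromhex(token)  # assumption: app sends hex; raises ValueError otherwise

        key = (install_id, bundle_id, environment)
        tkey = (token, bundle_id, environment)
        old = self.by_install.get(key)
        if old == token:
            return "unchanged"

        status = "new"
        owner = self.by_token.get(tkey)
        if owner is not None and owner != install_id:
            # Two devices should never report the same token, so an older
            # record holding it is treated as stale (assumption) and dropped;
            # otherwise two accounts would both push to one device.
            del self.by_install[(owner, bundle_id, environment)]
            status = "reassigned"
        if old is not None:
            # Token changed for this install (reset, other backup, expiry):
            # forget the old one so nothing is sent to it any more.
            del self.by_token[(old, bundle_id, environment)]
            if status == "new":
                status = "rotated"
        self.by_install[key] = token
        self.by_token[tkey] = install_id
        return status


if __name__ == "__main__":
    reg = TokenRegistry()
    # Constructed sample tokens, far shorter than real ones.
    print(reg.register("install-A", "com.example.app", "production", "aabbcc"))
    print(reg.register("install-A", "com.example.app", "production", "ddeeff"))
```
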