It's rather like the FBI having a list of 12,000,000 wifi MAC addresses. Would the mere possession of such a list by the FBI be illegal? What if the MAC addresses supplied by Starbucks are from customers who voluntarily connect their devices to Starbucks' network and transmit their MAC address as part of the connection negotiation?
Similarly, what if the UDIDs are from people who installed a common app on their devices and agreed as part of the terms and conditions to allow information about their hardware (including device name, UDID, etc.) to be transmitted to the app vendor and to other parties including law enforcement?
EDIT: the question of whether they should have this information is completely separate from whether it's illegal for them to have this information. And, as noted by others, no proof has been presented that it was obtained from the FBI.
Similarly, what if the UDIDs are from people who installed a common app on their devices and agreed as part of the terms and conditions to allow information about their hardware (including device name, UDID, etc.) to be transmitted to the app vendor and to other parties including law enforcement?
EDIT: the question of whether they should have this information is completely separate from whether it's illegal for them to have this information. And, as noted by others, no proof has been presented that it was obtained from the FBI.