I am trying to explore this a bit further, just to make sure. I understand with your answer that I cannot use an adhoc profile. However, could I create a self-signed certificate, add a team ID to this self-signed certificate, and sign the app with this? I tried to do this, but the binary still appears with "team id=not set". Is there anyway to force setting the team id, from a self-signed certificate?

I agree this is a significant privacy and security concern. I am not talking about us as devs, but from the user perspective, there are clear expectations that when they choose to delete an app and all its data, then this is done. Obviously keeping keychain data - the most sensitive data - despite the user opting to delete all data is clearly not appropriate for the user.