Reopening this issue since it happened again to me, this time in a different environment.

The problem is not that the unifiedpush server would allow registration of the same device token twice. Instead it lies on client side, where the client somehow gets second device token, which is then registered to the server, but the old one does not get invalidated. This might be a GCM issue, but since it seems it can occur, I'd like to keep this issue open to not forget to investigate this more.