VISA stores the Token in a secured format in the mobile local storage such as keystore/keychain using the API provided by VTS SDK. But when the mobile app is uninstalled, does VTS SDK take care of removing the tokens in the local storage?
Good question. I'll take a look and get back to you soon. 🙂
Regarding your question, can you please reach out to firstname.lastname@example.org so that email@example.com can connect you to the Visa Token Service (VTS) expert team? Normally, we would want you to email us with the email address that you had provided when you enrolled in the Visa Token Service program. That way, the VTS expert team can provide you with more details.
The truth of the matter is that we don't own the apps, so we can't speak for them collectively, as each app might be handled differently by each app. The token is a reference number, non-PII information, and allows for obtaining an encrypted payload, this payload is verified in a variety of ways along the process and eventually decrypted into payment information. Since other organizations handle the digital wallets, this information would have to be obtained from them.
From my understanding, whenever the app is deleted the token associated will be deleted from the device. But, as such VTS SDK does not have the VTS Lifecycle management API (Suspend/Resume/Delete) calls to delete the token from system.