We're working with an application which is written using Xamarin Forms; the basic structure of which (including the storage layers) was developed by a contractor before hand over to us.
It was written using Xamarin.Forms, and only for iOS and Android.
We are experienced developers with C# and other languages, but this is the first mobile application we've worked on and maintained. We chose Xamarin because it fits our existing c# workflow and skillset - and honestly we think it's really great.
Due to our inexperience with Mobile Applications, we have encountered a few issues after going to production. We implemented an authentication system which stores a JWT token on the device after a successful authentication. We save this token to the device and it is then provided with every API call for authentication and authorisation, along with the other standard protections (TLS, TLS certificate pinning, HMAC etc). For Android, the app was implemented to use XLabs.Platform.Services.KeyVaultStorage and on iOS, it appears to use the keychain (SecKeyChain).
The issue we've run into is that we were working on the assumption that these strings saved into the app were stored in the application sandbox, and that on application upgrade the sandbox would be removed and thus the application state reset. Evidently this isn't the case! We have now run into a few issues where clients and their installed apps can't reauthenticate due to having a token for an old version of the app, and we have no way of clearing them - deleting the app and reinstalling doesn't help.
We have checked the documentation but can't find them; What hooks or functions does Xamarin have to allow us to trigger actions to clear values on application update, delete or install?