Hi Jordan,
Jumping into your question, device tokens are generally synced to Customer.io from your mobile application. So when a customer downloads your app and enables notifications for the app, a device token should be generated and can then be passed to Customer.io via API call to their customer ID.
For customers who have a device token in their profile, this would indeed mean that they have downloaded your app and logged into it at some point... but not necessarily that they still have the app installed. Our best practice recommendation is that your app send the customer's device token to us via API each time they open the app. By doing this, you can ensure that you always have an up-to-date token from that customer each time they use your app. The device token for a given customer will change if they uninstall your app and re-install it, or if they download your app onto a different device. A profile can have up to 20 device tokens on it, and you can choose to target the "last used" token based on the timestamp in which that token was last sent to the customer's profile.
So, generally, if a customer does not have a device token stored in their profile they either haven't installed your app or maybe they have but haven't enabled notifications. Without notifications enabled, it may be that a device token hasn't been generated for them.
I hope that helps to provide some clarity for you here, Jordan!