Can define the duration of the access token?
Do you share your mobile application code?
Do you allow your application to be wrapped by industry standard mobile application management platforms?
Do you comply with following segregation architecture: Hardware and software used for development, testing and production systems of the service shall be segregated with application deployment procedures defined. User accounts shall not be shared between production and non-production environments?
How do you protect the data from theft, improper access or leakage?
Do you allow sharing content between the mobile application and other mobile applications on the device? (sharing content between apps)
Do you conduct authentication of the user on the mobile device?
How do you protect the identity and password of the user?
Do you implement session management capabilities?
Please describe session management and session lockout mechanisms