AgilePoint NX has a stateless engine i.e. each call is individually authenticated at the server side. So if you lose the mobile device by chance if the app was on, and disable the user in AgilePoint manage center or change its password, at most what user can see is the screen which is open. However as soon as they try to click any button or navigate anywhere, it will throw an error.
Here is an example of it. I logged into the app and opened a screen and then went to AgilePoint Manage Center and disabled the user, I see following error.
If I had task list open and then try to take any action, it gives me an error.
If I had app open and try to go to menu, it would throw the error
If form is open and I try to navigate to any other screen like process viewer
So since app is stateless, the user who stole it cannot take any action on it.
In addition to this if client needs any additional security features to be added, AgilePoint NX Services team does have option of creating custom branded apps with custom features for clients. You can get an app created in name of client and get it hosted in app stores. App package is handed over to client for them to submit it to the apple and android store under their name.