mobile app security

The mobile app although very limited in ability shows tenant details. There is a duty of care for other peoples data so I think the app should be more secure (eg biometrics /pin code etc).

The GDPR applies to mobile apps that collect and process personal data of EU citizens. It doesn't matter if your app is operated from outside of the EU. The GDPR will still apply. The purpose of the GDPR is to provide improved privacy protection and control for EU citizens.