Hello, Marius.
You can create different mobile applications for different types of users.
There is no user in mobile application, you only make requests providing credentials of a user when call the main infobase.
At the same time users in central infobase, which are used by mobile applications, have roles and when they install wrong applications on the smartphone, they will not have different access, and will receive messages that access to prohibited data is denied.