My app will have users added to the Whitelist, as opposed to allowing a whole domain. I understand how a user first downloads the app and logs in. I’ve read posts about AppSheet checking to make sure that user is still in the Whitelist each time it syncs.

But what protection is there if the user’s phone is lost or stolen- from someone else accessing the app?

Are the users only required to re-log in every 60 days? That would leave the app open for anyone to access. I don’t want my users to have to login everyday but where is the balance?

How do you handle this part of security?