One interesting way to secure the phone could be in a way that the app only work on a certain network (vpn). Authenticated against keys specific to the store. This way it couldn't work if someone tries to extract info from the phone. This is assuming all the data inside the app is encrypted in some form.