The Mobile SDK supports session lock/unlock using device Fingerprint Session Lock and device Screen Lock with Pattern/PIN/Password. Because the app user can use one, both, or no locking method at all, you need to handle all of these scenarios. If the device is configured without any lock method, the Mobile SDK returns an error that device lock security is missing.
All of the backend complexity is abstracted away, so your interaction with the SDK looks simply like this:
Lock User Session