The libindy functions for a wallet allow a parameter that locks and unlocks a wallet. You can think of this as a password, and I think you should for your use case.
As you pointed out, if we’re talking about a mobile app, the secret that does the unlocking could come from a secure enclave, guarded by a biometric. That would obviously be stronger. It is also possible to conceive of schemes where a very strong secret (passphrase, 256-bit random entropy, etc) is sharded among many parties and reconstituted to unlock something, as opposed to treating the secret like a simple password.