The only thing I can think of it to create a security policy for mobile users in tcode SECPOL and there define that login/password_downwards_compatibility=5 (only old hashes and maximum 8 characters in upper-case) and at the same time set login/min_password_digits=8 (which is then at the same time the maximum as well).
If the user has this policy and logs on via SAPGUi or other UIs, they can change the password but it cannot be a password which cannot entered as digits on the mobile app.
A bit ugly, but should work.
Note: SECPOL exists as of 7.31. Otherwise you will have to use RZ11 for all users in all clients.
Cheers,
Julius