Smartphones are an integral cog of the IoT environment and a fundamental building block of any related security solution, given that IoT mobile applications allow users not only to get information, but also to influence the environment. This paper presents a methodological instrument that can contribute to implementing and evaluating security measures in mobile applications by means of an automated analysis tool. A clear process for linking policy and high-level security guidelines and measures to concrete source code elements is depicted, as well as an automated way of testing a set of mobile applications against them. In addition, the obtained results highlight the current state of authentication measures’ implementation in IoT mobile applications; at the same time, it is important to note that the proposed approach is generic enough to accommodate other security principles as well.