Hi,
if you can guarantee that users won't be able to access system other way than via mobile app then you can create a custom app that will allow users to set password with digits only.
Another approach that I have seen is that a mobile app allows to set pin code. A user logs on for the first time with username/password and then she is prompted to choose a pin. The chosen pin is used to encrypt original password. Whenever pin code is entered the mobile app decrypts password stored in local storage, makes a HTTP call with HTTP authentication to get a session cookie and then all following calls use the session cookie. The app can wipe out encrypted password after x failed attempts to enter pin code. In that case the user must enter password again. The only disadvantage of this approach is that password is stored in local storage. It's encrypted but with a simple key so enumeration of all keys is possible. An attacker with access to phone will be able to get it. So it depends on your risk profile if this is an issue or not.
Cheers