As far as I know the only way to restrict an extensions ability to use the mobility feature is to not tell the user the password to extensions web portal. As a security measuer I would like 2 things to be implemented.
1. By default ALL extensions access to the mobility extension feature be restricted.
2. Administrator ability to ALLOW access to mobility extension on a per extension basis.
Not all extensions need mobility. More need web access to extension than need mobility and mobility is the only feature that is a true security risk. We need the ability to give web access but no mobility. This feature should be reserved for those the admin deems worthy.