There should be an option to automatically log out of the TeamViewer account in the Android/iOS client after a user-defined time-out period - as is done in most banking/insurance/financial services apps, password management apps, etc. I am quite surprised (shocked, to be honest) that this isn't already an option, considering how big a security hole it is.
If your mobile device is lost/stolen, and the perpetrator is able to unlock the device (or, say device is set to be unlocked by proximity to devices/networks/etc), they now have unrestricted access to connect to all the online devices in your contact list. Auto log-out provides a second layer of defense that is absolutely vital in applications with the immense level of access to user resources like that offered by TeamViewer.
And to make frequenty logging back in easier, the TeamViewer client app should support fingerprint log-in - again, as is done in financial services/password management apps (though I'm going to post that as a separate suggestion).
Another way to think about this: having the TeamViewer account always logged in on the mobile device removes the necessesity of one of the facors in 2FA (the password, i.e. "what you know"), and allows the perpetrator to have access to devices in the contact list just by being in possession of the mobile device ("what you have"). Combining auto log-out with fingerprint log-in restores 2FA by requiring a person to have 2 things: the mobile device, AND the correct fingerprint (which in turn unlocks the stored account credentials).
Am I the only one who sees this as considerable security risk, or am I missing something?
Is there a mitigation I'm not aware of? Or am I overblowing the risk potential here?