There are methods for getting or generating a unique ID for your app on a mobile device.
1. ios - if IDFV suffices for your needs, otherwise generate a GUID and store it in the keychain for that device.
2. android - Android Device ID

Given that you have a unique identifier for the mobile app on that device, when you authenticate to your backend to generate your JWT token, you should embed that identifier into the token.

Each request to your server should include the identifier in some way (typically as a header), and the jwt token.

Your server should inspect the request header and the token to make sure they match.