The client has strict security standards for mobile users.  We need to prevent users from:

• Saving a photo to the camera roll after using the Take Photo or Video feature.  From my testing, it appears to be automatic with no declarative way to prevent this.
• Block mobile users from using the Pick from Camera Roll feature.

The bottom line we don't want users to store any work photos on their device. Other comments:

• There does NOT seem to be an approach to block users from uploading new Files to SF.  I see an Idea on IdeaExchange, but I have not found any workarounds.
• Ideally, a solution would be distributed by Profile or Permission Set.
• I tried removing the File Quick Action:
  • The Files Quick Action is no longer available as an Action in the Mobile app for the object. (GOOD)
  • However, if I tap the Post Action, the Photo/Video Action is still available (BAD).  So our users could upload a photo to Chatter.
• Training our Users will not be sufficient.  As it currently stands the app will not pass security review.
• Other than a possible MDM solution (which is not my skillset) the only alternative I can come up with is removing access to both Files and Chatter from the Mobile app which seems drastic.

Does anyone have any suggestions? Would MDM address these issues?

@Pankaj Prasad @Salesforce 1 Mobile App