Do you know where your smartphone is right now? Of course, you do. If not, you’re probably searching for it frantically by now. The only thing worse than losing your keys might be losing your smartphone.
We’re all highly aware of the whereabouts of our mobile devices (considering that sometimes they’re strapped to our bodies). And that’s why mobile access control makes complete sense. With mobile access control, your credentials are housed in your mobile device—enabling access to secured business facilities and resources—mobile access security.
Mobile access control strengthens an organisation’s security since nobody shares their device privacy with anybody else. People use their phones to access bank accounts, email, private messages, and other sensitive accounts. Storing digital “keys” to access physical spaces is just as secure—and the benefits go even further. The potential is great, and the possibilities are endless, when it comes to mobile access.
Considering 92.3 percent of internet users access the internet via their mobile device (e.g. Apple devices, Android devices), it’s no secret that our mobile devices have become an essential part of doing business and keeping in touch with the world. Following the wave of innovation, it’s only natural that adoption of mobile access control is on the rise.
So, let’s answer the top 5 questions about mobile access security.
1. How does using encrypted credentials on Apple Wallet and Google Wallet keep mobile access secure?
When you use your phone as a key, your access credential isn’t just sitting inside an app, waiting to be found. It’s tucked away deep inside the phone’s hardware. Like it’s being stored in a vault built directly into the device.
On iPhones, that vault is the Secure Element, a dedicated chip purpose-built to safeguard sensitive information. On Android devices, Google Wallet relies on hardware-backed encryption through HCE and secure keystores to protect the credential. Different technologies, same outcome: the credential stays encrypted and isolated from everything else on the phone.
And when you tap to unlock a door, the phone doesn’t hand over the credential itself. Instead, it quickly generates a unique, one-time encrypted code…think of it ass a kind of digital “proof of authenticity.” Even if someone tried to intercept the NFC signal mid-air, all they’d catch is an unreadable, single-use fragment that they can’t reuse or copy.
Because this encrypted data never leaves the secure hardware, your credential remains protected — even if the phone ends up lost, stolen, or compromised by malware. The vault stays locked!
2. How do built-in phone security features help protect mobile access, especially in high-security areas?
Modern smartphones don’t just hand over your credentials the moment you tap — they pause and make sure it’s really you. Features like Face ID, Touch ID, or PIN act as a sort of digital checkpoint. They ask, “Are you sure?” and confirm the rightful owner before the Wallet unlocks.
For everyday situations, this extra step is optional. But in high-security environments, organizations can choose to elevate the protection. Nedap readers support this configuration, meaning the system won’t activate your credential until you’ve authenticated yourself on the device first.
It essentially builds in a two-factor security model:
- the phone you have,
- plus the biometric or PIN only you know.
So even if someone else ends up holding your phone, the story ends there — they still can’t use it to gain access.
3. What is the security risk if a device gets lost or stolen?
Mobile passes can be suspended, resumed, or removed remotely in the case of a lost or stolen device. So even if a device falls into the wrong hands, it can’t be used to enter a restricted building or area.
If your mobile device is misplaced or lost, your mobile pass will be automatically suspended once the device is marked as “Lost” in your “Find My” application. Your mobile pass will only be reactivated when your device is recovered and verified by you.
If, for any reason, the device is not recovered, fresh credentials can be provided to a new device. Meanwhile, the lost device’s credentials are deactivated permanently.
4. Can mobile passes be transferred to another device?
No. As a built-in security feature, mobile passes cannot be copied, transferred, re-issued, or re-used on another device. And mobile passes are essentially hack-proof. Mobile access authorisation is unique, encrypted, and highly secure.
This unique identification also can be invaluable in the event of an emergency. Think about an evacuation scenario. You want to be sure that everyone has safely exited the building. Mobile technology can be used to verify that everyone is out of harm’s way which optimises rescue efforts. Security officers operating mobile technology can have complete visibility of movement on site. This allows them to mark credential holders as safe, and anybody who might be missing can be identified.
5. Is mobile access control more secure than physical plastic badges?
Mobile access control is significantly more secure than plastic badges. As we mentioned earlier, mobile access control eliminates the risk of badge-sharing. Unlike badges, mobile access can also leverage advanced security methods such as biometric tools and Two Factor Authentication.
Stored with the latest industry standards and with the security features of the devices, you can rest assured they’ll be updated whenever you need. Plus, there’s no “eavesdropping” because the technology is based on NFC. This means we can rely on the MiFare DESFire protocol and security measures automatically built into this standard for communication (not to mention security features already built into Apple devices).
Mobile access control means stronger security
Consider scenarios where hundreds if not thousands of people require access to multiple areas, such as at large corporate or university campuses. Maybe in your organisation?
Knowing who goes where and when can be a huge challenge, which makes it a significant security risk. But it doesn’t have to be.
Mobile access control solves many of the problems associated with keeping organisations safe and secure. It elevates access management to the next level with unparalleled agility, flexibility, and security. Keeping track of building access—and keeping your facilities secure—has never been easier.
