Mobile App Development for Digital Pass

TRUETECH is engaged in the development, support and maintenance of iOS, Android, PWA mobile applications. We have extensive experience and expertise in publishing mobile applications in popular markets like Google Play, App Store, Amazon, AppGallery and others.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and support of all types of mobile applications:
Information and entertainment mobile applications
News apps, games, reference guides, online catalogs, weather apps, fitness and health apps, travel apps, educational apps, social networks and messengers, quizzes, blogs and podcasts, forums, aggregators
E-commerce mobile applications
Online stores, B2B apps, marketplaces, online exchanges, cashback services, exchanges, dropshipping platforms, loyalty programs, food and goods delivery, payment systems.
Business process management mobile applications
CRM systems, ERP systems, project management, sales team tools, financial management, production management, logistics and delivery management, HR management, data monitoring systems
Electronic services mobile applications
Classified ads platforms, online schools, online cinemas, electronic service platforms, cashback platforms, video hosting, thematic portals, online booking and scheduling platforms, online trading platforms

These are just some of the types of mobile applications we work with, and each of them may have its own specific features and functionality, tailored to the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 1735 services
Mobile App Development for Digital Pass
Medium
from 1 week to 3 months
FAQ
Our competencies:
Development stages
Latest works
  • image_mobile-applications_feedme_467_0.webp
    Development of a mobile application for FEEDME
    756
  • image_mobile-applications_xoomer_471_0.webp
    Development of a mobile application for XOOMER
    624
  • image_mobile-applications_rhl_428_0.webp
    Development of a mobile application for RHL
    1054
  • image_mobile-applications_zippy_411_0.webp
    Development of a mobile application for ZIPPY
    947
  • image_mobile-applications_affhome_429_0.webp
    Development of a mobile application for Affhome
    862
  • image_mobile-applications_flavors_409_0.webp
    Development of a mobile application for the FLAVORS company
    445
Show more works

Developing a Mobile App for Digital Pass

Plastic badge at gate — 2010. Most Digital Pass requests boil down to: seamless employee/visitor verification without physical token. Behind this simplicity — serious stack: cryptographically signed tokens, NFC/BLE with turnstiles, offline mode on connection loss, corporate MDM policy compliance.

Where Logic Usually Breaks

Most common — app shows QR but doesn't guarantee one-time use. Static QR on phone screen can be photographed and passed. Right solution — dynamic TOTP code over signed JWT: new code every 30 seconds from shared secret issued during onboarding. Server verifies not QR itself but token signature + time window.

Second painful scenario — NFC with OSDP controllers (Suprema, HID). Without proper NFCTagReaderSession lifecycle management on iOS, reader loses session on background. Fixed by explicit invalidate() and moving logic to URLSessionConfiguration.background for silent push waking app on phone approach.

How We Build These

Stack depends on requirements. iOS-only — Swift + CryptoKit for pass signing, Core NFC for reading/writing, PassKit for Apple Wallet integration. Cross-platform need — Flutter with flutter_nfc_kit + native platform channels for Secure Enclave (iOS) and Android Keystore access.

Key components:

  • Pass as Verifiable Credential (VC) per W3C standard — JSON-LD document with DID-signature from issuer. Convenient for external access control system integration.
  • Offline-first storage: pass encrypted AES-GCM, stored in Keychain (iOS) / EncryptedSharedPreferences (Android). Turnstile verifier works offline via Bluetooth challenge-response.
  • Apple Wallet / Google Wallet: PKPass and Google Wallet Pass API let place pass in native wallet without separate app. But no dynamic TOTP embedding — static fields + barcode only. For corporate needs often build custom pass in app.

One implemented case: mobile pass for warehouse complex with 12 access points. Each reader — BLE peripheral. Flutter app scans BLE device, establishes GATT connection, sends signed challenge, receives grant/deny. Time from approach to response — 800–1200 ms. Fallback — QR with TOTP when BLE off.

MDM Role and Configuration Profiles

Corporate Digital Pass without MDM — vulnerability. Unmanaged device can't guarantee app not deleted or cloned. Apple Configurator / Microsoft Intune integration allows:

  • forcefully install app on devices;
  • deliver configuration (backend URL, tenant ID) via Managed App Configuration without hardcode;
  • block screenshot API (UIScreen.isCaptured → show empty screen instead of pass).

Project Stages

Typical path: audit existing access control system and API → design token/verification protocol schema → develop mobile client and verification server → pilot at single point → load test → rollout.

Timeline: 6 weeks (QR/TOTP pass without NFC, single platform) to 4 months (BLE + NFC + Wallet + MDM + two platforms). Custom pricing after access control and infrastructure requirements analysis.