Yes it can.
The fob has no idea what it has access to, in most systems it just has a serial number. When you tap it on the reader, the reader scans its serial number. The system has a list of which key numbers are allowed to open which doors at which times, if your key matches it opens the door. These almost always have some kind of log of which key opened which door when. Whether the building management knows how to access that is anyone’s guess.
If he loves in a building with fobs there’s probably cameras also.
So if he’s worried about after the fact investigation into his movements, he should live somewhere else.
Not at all. In fact Creality seems quite open for a Chinese company. There’s literally an option on the touch screen menu to enable root access. That gives you full SSH access to everything on the board, no hacks or jailbreaks needed.
The firmware is Klipper based, mostly open but there’s a few binary bits. There are some open source firmware forks but the one thing they haven’t got running yet is the bed pressure sensor so you need to add a separate sensor for leveling and z axis zeroing.
However the stock firmware works great and with some open source scripts you can add whatever you want to it like fluidd/mainsail.
My k1 Max has lived its entire life on a private network segment, only internet access it gets is NTP to set the clock. It’s perfectly fine. I have never registered with Creality cloud nor has the machine tried to force me too. I use orca slicer and feed it the g code and it works great.