The mobile marketing is growing exponentially worldwide due to the emerging high speed wireless Internet and the proliferation of smartphones with powerful processors. Consequently, the management of the massive volume of mobile identities has sparked a lot of interest in both industry and academia, as they turn out to be a heavy burden for many mobile application startups. The conventional federated identity management technologies have been developed to delegate the users' identity tasks across different security domains to reduce the burden over the identity service consumers (i.e., Relying Party). However, they also raises serious security and privacy issues, such as the vulnerability to Single Point of Failure (SPOF) and the privacy leakage with respect to users' historical access information. To address these issues, we architect a novel Distributed Privacy-preserving Mobile Access Control (DP-MAC) framework. This framework also leverages a dual-root trust model to prevent identity theft in case of mobile device loss. In the end, we give performance evaluation and prove its applicability by implementing our system in the Cloud Computing platform and android smartphones based on jPBC in real-world settings.