In recent years, biometric techniques (e.g., fingerprint or iris) are increasingly integrated into mobile devices to offer security advantages over traditional practices (e.g., passwords and PINs) due to their ease of use in user authentication. However, existing biometric systems are with controversy: once divulged, they are compromised forever - no one can grow a new fingerprint or iris. This work explores a truly cancelable brain-based biometric system for mobile platforms (e.g., smart headwear). Specifically, we present a new psychophysiological protocol via non-volitional brain response for trustworthy mobile authentication, with an application example of smart headwear. Particularly, we address the following research challenges in mobile biometrics with a theoretical and empirical combined manner: (1) how to generate reliable brain responses with sophisticated visual stimuli; (2) how to acquire the distinct brain response and analyze unique features in the mobile platform; (3) how to reset and change brain biometrics when the current biometric credential is divulged. To evaluate the proposed solution, we conducted a pilot study and achieved the $f$-score accuracy of 95.72% and equal error rate (EER) of 2.503%, thereby demonstrating the potential feasibility of neurofeedback based biometrics for smart headwear. Furthermore, we perform the cancelability study and the longitudinal study, respectively, to show the effectiveness and usability of our new proposed mobile biometric system. To the best of our knowledge, it is the first in-depth research study on truly cancelable brain biometrics for secure mobile authentication.