I don't think the hired help is any more absurd, given that the primary perceived problem would be the increased likelihood that a bad actor exploits the system. I think that's what would keep a landlord up at night far more than an impermanent modification to the real property. Either way, it removes the resident's own judgement from the request/response cycle. But then again, so does the resident handing out copies of keys, which has a very different but still substantial attack surface.
No matter what, the main gate still keeps out random people who aren't sophisticated in their attack, which is all it ever did in the first place, so there's really not much going on here.
That was the basis of my (rather open) question: Whether the primary perceived problem would be the increased potential for bad actors to do bad things, or whether the primary perceived problem would be the fact that a tenant modified the wiring inside of their own unit.
I agree that bad actors are the worst concern, since bypassing a switch with a relay on a low-voltage circuit is about as non-invasive as wiring mods can ever get.
So. Assuming that there aren't purely-technical failure modes that can results in an improperly-closed relay, we can ask: Does having per-user codes and a wired-in relay result in a worse security scenario for the building than lending the [singular] spare key to a friend does?
Sure, it's easy enough to give someone else instructions and a code, while it can be hard to copy [some] keys.
But it's also easy to disable a code when that visitor has left or is no longer welcome (and thus also disable all copies of that code), whereas it is hard to disable a copy of a key.
And OP went a step further than mere codes by also validating inbound phone numbers, as a form of 2FA. This second factor is also possible to duplicate by a bad actor, but we're well into the realm of requiring some sophistication (or brazen theft) for that to happen.
(All said, based on the description I think they did pretty good with their hack.)
On my initial reading, it sounded like they had modified the wiring on the gate itself, which would be more alarming. Now that you mention it, it does sound like they might have instead accessed wiring within their own unit. I’m used to access systems that just dial out to residents’ phone numbers, so when they talked about accessing the intercom wired to the gate, I assumed they were talking about the public call box at the gate itself.
I've only lived in one apartment that had such a system, and it was probably the nicest solution to the problem.
The only issue was that it took awhile for the landlord to change the phone number for our unit to ours, and similarly when we moved out - I kept getting phone calls for that door for months.
No matter what, the main gate still keeps out random people who aren't sophisticated in their attack, which is all it ever did in the first place, so there's really not much going on here.