The population of mobile devices capable of participating in the Internet has increased dramatically in the last few years. To include this population into the Web service world requires support for the most important features, in particular security at the message level. This paper covers our approach to implement XML security specifications on mobile devices that allows efficient single-pass processing of XML encryption and signatures. Furthermore, we propose extensions to security specifications to better take into account the needs of mobile devices. We demonstrate the performance of our implementation, as well as our proposed extensions, through experiments, carried out in a real mobile environment.