Kenyan Activist’s Phone Compromised Using Cellebrite Tool During Police Detention
Recent investigations by the Citizen Lab have unveiled that Kenyan authorities employed a forensic extraction tool developed by the Israeli firm Cellebrite to access the mobile device of Boniface Mwangi, a prominent pro-democracy activist in Kenya. This incident adds to a series of reported abuses involving such technologies targeting civil society members.
The Citizen Lab, an interdisciplinary research unit at the University of Toronto’s Munk School of Global Affairs & Public Policy, identified these indicators on Mwangi’s personal Samsung phone. Mwangi, who has declared his intention to run for president in 2027, was arrested in July 2025. During his detention, his phone was confiscated and returned nearly two months later, in September. Upon its return, Mwangi discovered that the device was no longer password-protected, allowing unrestricted access without any authentication.
Analyses suggest with high confidence that Cellebrite’s technology was utilized on Mwangi’s phone around July 20 and July 21, 2025. The use of this tool could have facilitated the extraction of all data from the device, encompassing messages, personal files, financial details, passwords, and other sensitive information.
This revelation follows a prior report by the Citizen Lab, which indicated that Jordanian officials likely used Cellebrite tools to extract information from the mobile phones of activists and human rights defenders. These individuals had been critical of Israel and expressed support for Palestinians in Gaza. The devices were seized during detentions, arrests, and interrogations between late 2023 and mid-2025 and were subsequently returned to their owners.
In response to these findings, a spokesperson for Cellebrite stated that the company’s technology is designed to access private data only in accordance with legal due process or with appropriate consent to aid investigations legally after an event has occurred.
These cases contribute to a growing body of evidence highlighting the misuse of Cellebrite technology by governmental clients. They also underscore a broader pattern of surveillance abuses by various governments worldwide, employing tools like Pegasus and Predator spyware to conduct highly targeted surveillance operations.
Predator Spyware Targets Angolan Journalist
In a related development, Amnesty International reported that Teixeira Cândido, an Angolan journalist and advocate for press freedom, was targeted by Intellexa’s Predator spyware in May 2024. The infection occurred after Cândido opened a malicious link received via WhatsApp. At the time, his iPhone was operating on iOS 16.2, a version with known security vulnerabilities. The specific exploit used to facilitate the infection remains unidentified. Reports from Recorded Future have observed suspected Predator operations in Angola dating back to 2024.
This marks the first confirmed forensic case of Predator spyware being used against civil society in Angola. Once installed, the spyware granted attackers unrestricted access to Cândido’s iPhone, posing significant risks to his personal and professional communications.
Global Implications and Concerns
The misuse of advanced surveillance tools like Cellebrite’s forensic extraction devices and Predator spyware raises significant concerns about privacy violations and the suppression of dissent. While such technologies are often marketed for legitimate law enforcement purposes, their deployment against activists, journalists, and human rights defenders indicates a troubling trend of governmental overreach and the erosion of civil liberties.
The international community has called for stricter regulations and oversight concerning the sale and use of surveillance technologies. There is an urgent need for transparency and accountability to prevent the exploitation of these tools for political repression and to ensure they are used in compliance with human rights standards.
Conclusion
The cases involving Boniface Mwangi in Kenya and Teixeira Cândido in Angola highlight the pressing need for global attention to the misuse of surveillance technologies. As governments continue to acquire and deploy advanced tools capable of infringing on individual privacy and freedom, it becomes imperative to establish robust frameworks that protect civil society from unwarranted surveillance and uphold the principles of democracy and human rights.
