Citizen Lab: Kenyan authorities used Cellebrite to break into phone of dissident

Traces of commercial surveillance technology manufactured by the Israeli spyware maker Cellebrite were found on a prominent Kenyan dissident’s phone, the latest in a series of abuses of the technology targeting civil society.

Experts at the Citizen Lab found indicators of Cellebrite on a personal phone belonging to Boniface Mwangi, a Kenyan activist who has repeatedly been jailed for criticizing the government, according to a new report from the digital forensics organization.

Mwangi has announced he plans to run for president of Kenya in the 2027 elections and has long been a target of the Kenyan government. In recent years, Kenya has cracked down on dissent and reportedly killed citizens opposing the government. 

Authorities around the world— including in Serbia, Hong Kong, Jordan, Botswana and Myanmar — have allegedly used Cellebrite to extract data from phones belonging to journalists and activists while they have been detained by police or security services in recent years.

Mwangi was arrested last July against a backdrop of mass protests against extrajudicial killings by Kenyan authorities. He was released on bail and his phone was returned to him in September, according to the report. A criminal case against him is ongoing.

He immediately noticed the phone’s password protection had been removed and asked the Citizen Lab to analyze it.

Researchers found traces of an application — which appeared under the name com.client.appA — known to be linked to Cellebrite’s data extraction technology.

The seized phone contained all of Mwangi’s communications with family members and close friends, along with family pictures, he said in an interview. He condemned Cellebrite for allegedly selling its technology to the Kenyan government, whose human rights abuses have been front page news.

“When you sell the technology to a rogue state, you're basically telling the rogue state that they can do anything they want with that technology, which means that they can track and capture or kill innocent people just to stay in power,” Mwangi said.

“Cellebrite is … complicit in the government actions because if they didn't sell the technology to our government, this wouldn't be happening.”

In February 2025, Cellebrite ended its contract with Serbia after Amnesty International published a report alleging that it had been “systematically deployed” against members of civil society there. Civil society leaders have questioned why the company provided its technology to Serbia, which has been cracking down on protestors for years and had been caught targeting phones belonging to members of civil society with spyware.

A spokesperson for Cellebrite said the company “maintains a rigorous process for reviewing allegations of technology misuse.” 

“When credible, substantiated evidence is presented directly to our team, we investigate thoroughly and take decisive action, up to and including license termination,” they said.

“Cellebrite operates under stringent compliance and ethics frameworks. We stand behind our vetting processes, our Ethics & Integrity Committee and our record of enforcement.”

The Kenyan embassy in Washington did not immediately respond to a request for comment.

John Scott-Railton, a digital forensic researcher at the Citizen Lab, urged the firm to release the specific criteria they used to approve sales to Kenyan authorities and disclose how many licenses it has revoked in the past.

“If Cellebrite is serious about their rigorous vetting they should have no problem making it public,” he said. “Kenya’s rights problems were widely documented long before this particular abuse surfaced.”

Scott-Railton said Cellebrite has not yet responded to its January findings that Jordanian authorities used its technology to extract data from the phones of activists and civil society members without their consent.

Citizen Lab supplemented the digital forensic research published in that report with numerous court records documenting Cellebrite use “against activists and members of Jordanian civil society in a manner that does not comply with human rights treaties that Jordan has ratified,” they said.