Feb 18, 2026
Kenya Used Phone Cracking Tools on a Presidential Candidate—While He Was in Police Custody
Citizen Lab researchers found evidence of Cellebrite forensic extraction on the personal phone of Kenyan activist Boniface Mwangi. His device was returned no longer requiring a password to unlock.
What Happened
On July 19, 2025, officers from Kenya's Directorate of Criminal Investigations arrested Boniface Mwangi at his home. Mwangi is one of Kenya's most prominent opposition voices, a longtime government critic who had announced his intention to run for president in 2027. His arrest came amid mass protests against extrajudicial killings by Kenyan authorities.
When his Samsung phone was returned in September 2025, Mwangi noticed something wrong: the device no longer required a password to unlock. He submitted it for forensic analysis by Citizen Lab, the University of Toronto research group that investigates digital threats against civil society.
What they found confirmed his suspicion. The phone contained traces of an application linked to Cellebrite, the Israeli company that manufactures digital forensic extraction tools used by law enforcement agencies worldwide. The evidence indicated that police used the technology to bypass encryption and gain full access to Mwangi's device while it was in their custody between July 20 and 21, 2025.
What Was Exposed
Cellebrite's extraction tools do not target individual files. They perform full device extractions, meaning authorities potentially accessed everything on Mwangi's phone:
- Private communications with family and close friends
- Family photographs
- Presidential campaign planning documents and strategy
- Contact lists revealing his political network
- Encrypted messaging conversations
Mwangi described the experience as "a very strong feeling of violation." For a political figure, the implications go beyond personal privacy. The extracted data could be used to map his entire activist network, identify supporters, and undermine his campaign before it begins.
What Is Cellebrite
Cellebrite is an Israeli digital forensics company whose products are used by law enforcement and intelligence agencies in over 100 countries. Its flagship tools can extract data from locked smartphones, bypass encryption, and access deleted content. The company markets its technology as a tool for fighting crime and terrorism.
But the technology makes no distinction between a terrorist's phone and an activist's phone. Once deployed, it extracts everything. The same capability that helps investigators solve kidnappings can be turned against journalists, opposition politicians, and human rights defenders.
A Growing Pattern of Abuse
Kenya is not an isolated case. According to Citizen Lab's report, titled "Not Safe for Politics," Cellebrite technology has been deployed against activists and journalists in multiple countries:
- Serbia: Used against civil society members detained during protests
- Hong Kong: Deployed during the pro-democracy crackdown
- Jordan: Used to extract data from phones of Gaza war critics
- Botswana: Targeted journalists investigating government corruption
- Myanmar: Employed by the military junta against opposition figures
John Scott-Railton, senior researcher at Citizen Lab, put it bluntly: "Boniface Mwangi's case wasn't the first Cellebrite abuse case, and it won't be the last, because Cellebrite has a global abuse problem."
What Cellebrite Said
In response to the findings, Cellebrite stated: "Cellebrite maintains a rigorous process for reviewing allegations of technology misuse. When credible, substantiated evidence is presented directly to our team, we investigate thoroughly and take decisive action, up to and including license termination."
The company also said it does "not respond to speculation" and encouraged organizations with "specific, evidence-based concerns" to contact them directly. It pointed to its Ethics and Integrity Committee as evidence of responsible governance.
Critics note that Cellebrite's self-policing has not prevented repeated documented cases of abuse. The company continues to sell to governments with poor human rights records, and its vetting processes have failed to stop the technology from being turned against the people it should never touch.
What This Means for Anyone at Risk
If you are a journalist, activist, or anyone who might face arrest or device confiscation by authorities, the Mwangi case reinforces several important security practices:
- Assume that any device taken into police custody will be fully extracted, regardless of encryption or passwords
- Use disappearing messages in encrypted apps like Signal for sensitive communications so that extracted data reveals less
- Keep a minimal amount of sensitive data on your primary phone. Consider using a separate device for the most sensitive work
- If your device is returned after confiscation, treat it as compromised. Do not continue using it without a forensic examination
- Back up your data to encrypted cloud storage so that device confiscation does not mean data loss
- Contact organizations like Citizen Lab, EFF, or Access Now if you suspect your device has been tampered with during custody
The fundamental problem is not technical. Cellebrite exploits a power asymmetry: when a government has physical possession of your device, no consumer encryption can fully protect you. The real solution requires export controls, independent oversight, and consequences for companies that sell extraction tools to governments that weaponize them against their own citizens.