👤 SECPULSE
🗓️ 19 Feb 2026   🌍 Africa

Inside the Phone Crackdown: How Forensic Tech Targeted a Kenyan Activist

Citizen Lab uncovers digital evidence that police used advanced data extraction tools on a prominent activist’s phone during a turbulent crackdown.

On a chilly July morning in Nairobi, police stormed the home of Boniface Mwangi - a well-known Kenyan activist and would-be presidential contender. Within hours, devices were seized, offices raided, and Mwangi found himself behind bars. But what happened next, according to a bombshell report by Citizen Lab, reveals not just the risks activists face on the streets, but the invisible threats lurking inside their phones.

The Digital Dragnet

Citizen Lab’s investigation centers on a Samsung Android device that belonged to Boniface Mwangi, a prominent figure in Kenya’s civil society and a declared candidate for the 2027 presidential election. After his arrest by Kenya’s Directorate of Criminal Investigations (DCI) in July 2025, authorities seized multiple devices from his home and office. Two days later, Mwangi appeared before a special court and was charged under a firearms law - though initial signals hinted at more severe terrorism- and money-laundering-related accusations linked to mass protests earlier that year.

Following his release on bail, Mwangi recovered his devices on September 4, only to discover that his phone’s password protection had mysteriously vanished. He insists he never provided the password to authorities. This anomaly prompted a forensic analysis by Citizen Lab, which uncovered digital traces indicating the use of Cellebrite’s mobile extraction technology during the time his phone was held by law enforcement.

The report cites a forensic artifact - an application named com.client.appA - strongly linked to Cellebrite’s toolset. This technology, favored by police and security agencies worldwide, allows for deep extraction of a device’s contents, from messages and photos to financial data and stored credentials. Citizen Lab’s findings suggest that, in high-pressure political climates, such tools can be wielded to access sensitive information without proper oversight or consent.

This case is not isolated. Cellebrite’s products have faced mounting criticism for their role in enabling governments to surveil, intimidate, or silence opposition voices. Citizen Lab questions whether companies supplying such powerful technologies are doing enough to prevent abuse - especially in countries with a track record of targeting activists.

Reflections on Digital Rights

As Mwangi’s legal battle continues, this episode throws a spotlight on the growing intersection of technology, policing, and human rights. For activists, the threat now extends beyond physical detention: their digital lives are at risk, too. The challenge for civil society and technology vendors alike is clear - ensure that the tools designed for law enforcement don’t become weapons against democracy itself.

WIKICROOK

  • Forensic Extraction: Forensic extraction is the secure copying and analysis of all data from a digital device, often used in investigations to preserve and examine evidence.
  • Cellebrite: Cellebrite is a company whose software is used by law enforcement to extract, analyze, and manage data from mobile phones and computers during investigations.
  • Artifact: An artifact is any digital trace or data left during cyberattacks, used as evidence in cybersecurity investigations and digital forensics to reconstruct events.
  • Directorate of Criminal Investigations (DCI): The DCI is Kenya’s top agency for investigating crimes, including cybercrime, digital fraud, and organized crime, ensuring national security and justice.
  • Human: A human is an individual interacting with digital systems, often providing oversight, validation, and decision-making in cybersecurity processes such as human-in-the-loop (HITL) review.

SECPULSE
SOC Detection Lead