Unlocked and Exposed: How Kenyan Police Used Cellebrite to Crack an Activist’s Phone

When Boniface Mwangi, a fearless Kenyan activist and outspoken critic of government overreach, was arrested in July 2025, he expected tough questions - not a total invasion of his digital life. But when police returned his Samsung phone weeks later, the password protection had mysteriously vanished. The secret? A controversial forensic tool called Cellebrite had silently unlocked his world.

Fast Facts

• Boniface Mwangi, prominent Kenyan activist and aspiring presidential candidate, was arrested on July 19, 2025.
• Police seized his Samsung Android phone and other electronic devices during the raid.
• Citizen Lab found forensic evidence that Cellebrite’s extraction tool was used on Mwangi’s phone while in police custody.
• The phone’s password protection was removed without Mwangi’s consent.
• The case spotlights global risks of advanced forensic tech in the hands of authorities.

Mwangi’s ordeal began as protests against police brutality swept Kenya. After his arrest by the Directorate of Criminal Investigations (DCI), authorities raided his office and seized his devices. The charges shifted - from terrorism to firearms violations - amid heavy international scrutiny. But the real drama unfolded after Mwangi’s release, when he discovered his phone’s security had been breached.

Enter Citizen Lab, a digital forensics team from the University of Toronto. Their meticulous analysis revealed traces of “com.client.appA,” a digital fingerprint linked to Cellebrite’s mobile extraction software. This tool, designed to help law enforcement bypass phone locks and siphon vast quantities of data, granted police access to Mwangi’s messages, contacts, financial records, and more - without his knowledge or consent.

Cellebrite’s technology, marketed worldwide, has become infamous for its ability to crack even the most secure smartphones. While such tools are invaluable for legitimate criminal investigations, they are also a double-edged sword. In the wrong hands, they can be weaponized against political opponents, journalists, and activists, exposing sensitive strategies and personal lives to hostile scrutiny.

The Kenyan case is not isolated. Human rights watchdogs have repeatedly warned about the misuse of digital forensics technology by both authoritarian regimes and democratic governments. Vendors like Cellebrite face mounting questions: Do they vet their clients? Are there safeguards to prevent abuse? Citizen Lab’s findings add fuel to a growing debate over vendor responsibility and the need for stricter oversight.

As Citizen Lab continues to investigate other devices seized from Mwangi, the implications ripple far beyond Kenya’s borders. The unchecked use of forensic tools threatens privacy, chills dissent, and undermines democratic freedoms - raising urgent questions for policymakers, tech companies, and civil society worldwide.

Mwangi’s unlocked phone is more than a personal violation - it’s a warning. As digital forensics become more powerful and pervasive, the line between legitimate investigation and abuse grows dangerously thin. The world is watching: Will technology serve justice, or erode the very rights it claims to protect?

WIKICROOK

• Mobile Extraction Tool: A mobile extraction tool accesses and copies data from mobile devices, often bypassing security features for forensic or investigative purposes.
• Digital Forensics: Digital forensics involves collecting and analyzing digital evidence to investigate cybercrimes, support law enforcement, and ensure data integrity in legal cases.
• Password Protection: Password protection restricts access to information or systems by requiring a secret word or phrase, helping keep data safe from unauthorized users.
• Artifact: An artifact is any digital trace or data left during cyberattacks, used as evidence in cybersecurity investigations and digital forensics to reconstruct events.
• Vendor Oversight: Vendor oversight is the process of monitoring and managing third-party suppliers to ensure they follow security and compliance standards.