
A new forensic report reveals how Israeli tech is fueling DCI’s crackdown on political dissent

Kenyan authorities are accused of using Israel's Cellebrite to unlock Boniface Mwangi’s phone.


A new forensic investigation by Canada-based research group Citizen Lab has placed Kenya’s security agencies at the center of an escalating global debate over digital surveillance and the shrinking civic space.

When Boniface Mwangi’s Samsung phone was returned to him by the Directorate of Criminal Investigations (DCI) last September, the activist noticed something chilling: the password protection he had meticulously maintained was gone. The device simply swiped open.

This week, a forensic bombshell from Citizen Lab confirmed Mwangi’s worst fears. With “high confidence,” researchers verified that Kenyan authorities used technology from the Israeli firm Cellebrite to bypass the device’s security while it was in police custody. According to Citizen Lab’s forensic analysis, traces of an application identified as com.client.appA, strongly associated with Cellebrite’s forensic extraction suite, were found on Mwangi’s confiscated Samsung device.

The extraction, which took place around July 20, 2025, likely gave the state total access to Mwangi’s private messages, financial records, and personal photos, a digital strip-search of a man who has already announced his intention to run for president in 2027.

The Israeli connection goes beyond the software

The use of Cellebrite technology adds a dark layer to the deepening and controversial relationship between Nairobi and Tel Aviv. The timing of this revelation is particularly sensitive as public anger simmers over the alleged settlement of Israeli citizens in Solai.

Local sentiment in Solai remains raw following the 2018 dam tragedy, and recent reports of land being “reclaimed” for Israeli agricultural or residential projects have birthed a widespread theory that the tragedy and the subsequent displacement were a precursor to a planned settlement. The fact that the government is using Israeli tools to crush domestic dissent while simultaneously facilitating Israeli interests in Solai feels like a dual betrayal of sovereignty.

“By giving the government access to spy on me, they’re putting my life in jeopardy,” Mwangi told The Guardian. His sentiment echoes a broader fear: that Kenya is becoming a testing ground for Israeli surveillance “solutions” in exchange for geopolitical and land-based concessions.

A growing arsenal of spying

The Cellebrite incident is not an isolated case of “high-tech” policing. It is part of a systemic escalation of state-sponsored surveillance that we’ve documented over the last year.

In November 2025, we reported on how the DCI successfully installed FlexiSPY, a commercial-grade spyware, on the devices of filmmakers Bryan Adagala and Nicholas Wambugu. Unlike Cellebrite, which is used for physical forensic extraction, FlexiSPY allows for remote, real-time monitoring of calls and locations. In both cases, the malware was planted while the devices were in “legal” police custody.

Furthermore, the infrastructure for this surveillance goes deeper than just software. In June 2025, the dismissal of Albert Ojwang’s case by Safaricom and the Communications Authority (CA) raised red flags regarding the independence of our telcos and regulatory bodies. Whispers within the industry suggest mounting pressure on telecommunications giants like Safaricom to provide “backdoor” access to subscriber data, bypassing the constitutional right to privacy.

The post-Gen Z protest landscape

The government’s pivot toward invasive digital forensics is a direct reaction to the global wave of Gen Z-led protests that rocked Kenya in 2024 and 2025. These protests, which were decentralized, tech-savvy, and largely organized via encrypted platforms like Discord and Signal, left the state’s traditional intelligence apparatus scrambling.

To regain control, the National Intelligence Service (NIS) and the DCI have moved from broad internet shutdowns, which damage the economy, to “targeted surveillance.” By cracking the phones of leaders like Mwangi, the state seeks to map out the “movement’s DNA,” identifying donors, strategists, and international links.

Amnesty International has described this as “technology-facilitated violence.” It is a coordinated campaign to ensure that by the time the 2027 elections arrive, any opposition is compromised, intimidated, or physically located before it can hit the streets.

The corporate ethics gap

Cellebrite, for its part, claims it maintains a “rigorous process” for reviewing allegations of misuse. However, the Citizen Lab report lists Kenya alongside a “Who’s Who” of human rights abusers, including Myanmar, Belarus, and Saudi Arabia.

John Scott-Railton, a senior researcher at Citizen Lab, is blunt about the risks: “Your phone holds the keys to your life, and governments shouldn’t be able to help themselves to the contents just because they don’t like what you are saying.”

As the “Silicon Savannah” transforms into a digital panopticon, the risks for activists, journalists, and even ordinary citizens are rising. If your device is seized, the law, on paper, protects you. But as Boniface Mwangi’s case proves, once your phone enters a DCI evidence bag, your password is no longer your own.

For the tech-conscious Kenyan, we recommend using strong alphanumeric passcodes and enabling “Lockdown Mode” on iOS, “Advanced Protection” on Android 16, or even the ‘Fake cell tower’ alerts. And if you are heading into a protest, perhaps the safest “smart” phone is one that is left at home.


Hillary Keverenge

Making tech news helpful, and sometimes a little heated. Got any tips or suggestions? Send them to hillary@tech-ish.com.
