Cellebrite cut off Serbia citing abuse of its phone unlocking tools. Why not others?
Source: TechCrunch
Last year, the phone‑hacking tool maker Cellebrite announced it had suspended Serbian police as customers after human‑rights researchers alleged local police and intelligence agencies used its tools to hack the phones of a journalist and an activist, and to plant spyware.
- Announcement: TechCrunch – Cellebrite suspends Serbia as a customer
- Allegations: TechCrunch – Serbian police used Cellebrite to unlock then plant spyware on a journalist’s phone
This was a rare example of Cellebrite publicly cutting off a customer following documented abuse allegations, citing Amnesty International’s technical report for its decision.
“Amnesty International’s technical report” – link
Recent accusations in Jordan and Kenya
Despite similar accusations of abuse in Jordan and Kenya, the Israeli‑headquartered company has dismissed the allegations and declined to commit to investigating them, a shift from its earlier approach.
-
Kenya:
- Researchers at the University of Toronto’s Citizen Lab published a report alleging the Kenyan government used Cellebrite’s tools to unlock the phone of activist‑politician Boniface Mwangi while he was in police custody.
- Report: Citizen Lab – Cellebrite used on Kenyan activist and politician Boniface Mwangi
-
Jordan:
- In a January report, Citizen Lab accused the Jordanian government of breaking into the phones of several local activists and protesters using Cellebrite’s tools.
- Report: Citizen Lab – From protest to peril: Cellebrite used against Jordanian civil society
Both investigations relied on traces of a specific application linked to Cellebrite found on the victims’ phones. The researchers described these traces as a “high confidence” indicator that Cellebrite’s unlocking tools had been used, noting that the same application had previously appeared on VirusTotal (a malware repository) and was signed with digital certificates owned by Cellebrite.
- Additional research linking the application to Cellebrite: ResearchGate – Android Anti‑forensics: Modifying CyanogenMod
“We do not respond to speculation and encourage any organization with specific, evidence‑based concerns to share them with us directly so we can act on them,” Victor Cooper, spokesperson for Cellebrite, told TechCrunch.
When asked why Cellebrite is acting differently from the Serbia case, Cooper said the two situations are “incomparable” and that “high confidence is not direct evidence.” He did not respond to follow‑up questions about whether Cellebrite would investigate the Citizen Lab’s latest report or how its approach differs from the Serbian case.
Contact Us
Do you have more information about Cellebrite or similar companies?
You can contact Lorenzo Franceschi‑Bicchierai securely from a non‑work device:
- Signal: +1 917 257 1382
- Telegram / Keybase / Wire: @lorenzofb
- Email: lorenzo@techcrunch.com
Cellebrite’s response to the investigations
-
Jordan report: Cellebrite replied that “any substantiated use of our tools in violation of human rights or local law will result in immediate disablement,” but it did not commit to investigating the case nor disclosed specific customer information.
- Full response (redacted): Cellebrite – Response Request for Comment (PDF)
-
Kenya report: Cellebrite acknowledged receipt of Citizen Lab’s inquiry but did not comment, according to researcher John Scott‑Railton.
“We urge Cellebrite to release the specific criteria they used to approve sales to Kenyan authorities, and disclose how many licenses have been revoked in the past,” Scott‑Railton told TechCrunch. “If Cellebrite is serious about their rigorous vetting, they should have no problem making it public.”
Past instances of Cellebrite cutting off customers
Cellebrite claims to have more than 7,000 law‑enforcement customers worldwide. It has previously halted relationships with several regimes after abuse reports:
| Country/Region | Year | Reason |
|---|---|---|
| Bangladesh | 2021 | Human‑rights concerns |
| Myanmar | 2021 | Military surveillance abuse |
| Russia & Belarus | 2021 | After investigative reporting |
| Hong Kong & China | 2021 | U.S. export‑control restrictions |
| Other | — | Various human‑rights and compliance issues |
- Bangladesh: Haaretz – Cellebrite halts sales to Bangladesh
- Myanmar: NYTimes – Cellebrite and Myanmar coup surveillance
- Russia & Belarus: Haaretz – Cellebrite halts sales to Russia
- Hong Kong & China: Jerusalem Post – Cellebrite stops selling to Hong Kong and China
Local activists in Hong Kong have accused authorities of using Cellebrite to unlock protest‑related devices.
This markdown has been cleaned for readability while preserving the original structure and content.
Lorenzo Franceschi‑Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.
You can contact or verify outreach from Lorenzo by emailing [lorenzo@techcrunch.com](mailto:lorenzo@techcrunch.com), via encrypted message at **+1 917 257 1382** on Signal, and **@lorenzofb** on Keybase/Telegram.
[View Bio](https://techcrunch.com/author/lorenzo-franceschi-bicchierai/)
---
*ters’ phones.*