Last year, the phone hacking tool maker Cellebrite announced it had suspended Serbian police as customers, after human rights researchers alleged local police and intelligence agencies used its tools to hack into the phones of a journalist and an activist, and plant spyware. 

This was a rare example of Cellebrite publicly cutting off a customer following documented allegations of abuse, citing Amnesty International’s technical report for its decision. 

But following recent similar accusations of abuse in Jordan and Kenya, the Israeli-headquartered company responded by dismissing the allegations and declining to commit to investigating them. It’s unclear why Cellebrite has changed its approach, which appears contrary to its previous actions.

On Tuesday, researchers at The University of Toronto’s Citizen Lab published a report alleging the Kenyan government used Cellebrite’s tools to unlock the phone of Boniface Mwangi, a local activist and politician, while he was in police custody. In another report from January, the Citizen Lab accused the Jordanian government of breaking into the phones of several local activists and protesters using Cellebrite’s tools. 

In both investigations, the Citizen Lab, an organization that has investigated abuses of spyware and hacking technologies around the world, based their conclusions on finding traces of a specific application linked to Cellebrite on the victims’ phones. 

The researchers said that those traces are a “high confidence” signal that someone used Cellebrite’s unlocking tools on the phones in question, because the same application had been previously found on VirusTotal, a malware repository, and was signed with digital certificates owned by Cellebrite.  

Other researchers have also linked the same application to Cellebrite.  

“We do not respond to speculation and encourage any organization with specific, evidence-based concerns to share them with us directly so we can act on them,” Victor Cooper, a spokesperson for Cellebrite, told TechCrunch in an email. 

When asked why Cellebrite is acting differently from the Serbia case, Cooper said “the two situations are incomparable,” and that, “high confidence is not direct evidence.”

Cooper did not respond to multiple follow-up emails asking if Cellebrite would investigate the Citizen Lab’s latest report, and what, if any, differences there are with its case in Serbia.

In both its Kenya and Jordan investigations, the Citizen Lab reached out to Cellebrite in advance of publishing the reports to provide the company with a right to respond. 

In response to the Jordan report, Cellebrite said that “any substantiated use of our tools in violation of human rights or local law will result in immediate disablement,” but did not commit to investigating the case and declined to disclose specific information about customers. 

For the Kenya report, however, Cellebrite acknowledged receipt of Citizen Lab’s inquiry but did not comment, according to John Scott-Railton, one of the Citizen Lab researchers who worked on the Cellebrite investigations. 

“We urge Cellebrite to release the specific criteria they used to approve sales to Kenyan authorities, and disclose how many licenses have been revoked in the past,” Scott-Railton told TechCrunch. “If Cellebrite is serious about their rigorous vetting, they should have no problem making it public.”

Following previous reports of abuse, Cellebrite, which claims to have more than 7,000 law enforcement customers around the world, cut off relationships with Bangladesh and Myanmar, as well as Russia and Belarus during 2021. Cellebrite previously said it stopped selling to Hong Kong and China following U.S. government regulations restricting the export of sensitive technologies to the country. Local activists in Hong Kong had accused the authorities of using Cellebrite to unlock protesters’ phones.

View Bio