Following Amnesty International’s December 2024 report on the use of Cellebrite forensic tools by the Serbian police to unlock or install spyware on the phones of a local journalist and activist, the Israeli surveillance firm has banned the country from using its services.

Cellebrite issued an announcement stating the firm took “took precise steps to investigate each claim in accordance with our ethics and integrity policies” and found it appropriate to stop the use of its products by the relevant customers, in this case, the Serbian police and Security Information Agency (Bezbedonosno-informativna Agencija – BIA). The announcement added that the company assesses countries it works with and that its compliance and ethics programs require its tools to be used ethically and lawfully.

Amnesty’s report claimed that the Serbian police were using NoviSpy, a newly discovered Android spyware, to spy on targets by capturing personal data or remotely controlling mics and cameras or targets’ phones. Forensic evidence linking Cellebrite tools to NoviSpy infections was found after Amnesty discovered that the police were using Cellebrite UFED exploits to bypass Android security vulnerabilities and covertly deploy the malware on victims’ phones.

🚨 Human rights win! 🚨

Following Amnesty’s investigation into misuse by Serbia authorities of Cellebrite’s forensic tools to target activists & journalists, Cellebrite has suspended Serbian customers!

A crucial step—but stronger safeguards are needed to prevent future abuse. pic.twitter.com/1yiGnH1fcG
— Donncha Ó Cearbhaill (@DonnchaC) February 26, 2025

These deployments would usually happen when a target was in detention or being questioned by the police or BIA. Suspects, like journalist Slaviša Milanov, would be called into police stations, have their devices confiscated, and would appear for questioning.

In the meantime, authorities would scan their phone for personal files and deploy the malware without informing them, obtaining legal consent, or disclosing the purpose of the search. According to Amnesty, these infections were only possible because of Cellebrite’s tech, as NoviSpy itself relies on the tools’ unlocking process to fully deploy via the Android Debug Bridge (adb) command-line utility.

Milanov’s summons to a police station in February 2024 kicked off the Amnesty investigation. After being called in by the police following a routine traffic stop, Milanov found his phone’s settings changed, including disabled data and WiFi. He then requested help from Amnesty International’s security lab, fearing surveillance tools would target him.

In the News: FBI blames North Korean hackers for $1.5 billion Bybit heist