
Authorities in Kenya have been accused of secretly installing spyware on the devices of filmmakers linked to the BBC’s “Blood Parliament” documentary.
The filmmakers were arrested on May 2, 2025. Although they were released the next day without charges, their phones remained in police custody until July 10, 2025.
After the phones were returned to the filmmakers on July 10, an independent forensic analysis by Citizen Lab was conducted. The analysis indicates that commercial spyware, FlexiSpy, was installed on one device on May 21 at about 5:36 p.m. while the phones were still in custody.
“The gadgets, which authorities detained on May 2 and held until July 10, were examined forensically. It has come to our attention that the DCI implanted spyware, the FlexiSpy app, with evidence showing installation on May 21 at about 5:36 p.m., during the detention period,” said Ian Mutiso, the lawyer representing the filmmakers.
The filmmakers — Nicholas Wambugu, Brian Adagala, Mark Denver Karubiu, and Chris Wamae — were arrested for allegedly publishing false information. The accusation stems from BBC’s Blood Parliament documentary released in April 2025.
However, the media giant, upon the arrest of the four, released a public statement denying their involvement.
Government surveillance is becoming a growing concern in Kenya. Mutiso claimed that Safaricom, a telecommunications provider, provides authorities with private data without legal authorization.
“We were able to confirm that the largest telecommunications provider, Safaricom, does provide private data belonging to its citizens to the DCI, without a court order on record,” he stated.
To back the spyware allegation, Mutiso will file an affidavit in court on Monday, September 15, the date set for the continuation of the case.
Related: Zimbabwe Wants IMEI Data, Citizens Fear Surveillance
The “FlexiSpy” Spyware
FlexiSpy is a commercial spyware application marketed as parental control and employee monitoring software. Security researchers and privacy advocates classify it as stalkerware because it secretly monitors individuals’ digital activities without consent.
First released in 2006, the spyware works on Android, iOS, Windows, and macOS devices. It can intercept phone calls and messages, track GPS location, monitor web activities, and access almost everything done on a device.
But it has limitations. A forensic researcher at Citizen Lab, John Scott-Railton, stated that the spyware is easier to detect compared to expensive alternatives like Pegasus.