Russia Used Cellebrite Tools to Crack Activist's iPhone After the Company Cut Off Russia. Records Confirm It.

The University of Toronto's Citizen Lab published findings on June 25, 2026 showing Russian authorities used Cellebrite's phone-cracking software to breach the iPhone of opposition activist Andrey Pivovarov in June 2021, months after Cellebrite said it had ended all sales to Russia. Russian government documents handed to Pivovarov during his own prosecution confirm it. Cellebrite says any post-March 2021 use was unauthorized, but critics say the company never disabled the hardware it had already sold.

What Happened

On May 31, 2021, Russian security services pulled Andrey Pivovarov off a flight at St. Petersburg Airport and seized his iPhone 12 and Apple MacBook. Pivovarov was the director of Open Russia, a pro-democracy nonprofit that Russian authorities had already labeled "undesirable."

He gave investigators neither consent nor passwords. His devices sat in state custody until 2023.

On June 25, 2026, the Citizen Lab at the University of Toronto, led by researchers John Scott-Railton, Bill Marczak, Hassen Selmi, and Ron Deibert, among others, published a forensic analysis of Pivovarov's iPhone. Their conclusion: Russian authorities used Cellebrite's UFED Physical Analyzer and UFED 4PC toolkit to extract data from the device on or around June 17, 2021.

The Document That Seals It

A Russian government document titled "Forensic Expert Report No. 1269-17," prepared by Russian authorities and handed to Pivovarov during his criminal prosecution, explicitly names Cellebrite's tools. According to Citizen Lab, the report shows investigators searched extracted data using terms like "Open Russia Civic Movement" and names of opposition figures including Mikhail Khodorkovsky.

WhatsApp, Telegram, and Viber were all accessed, according to the Guardian's reporting on the investigation. Pivovarov told the Guardian that the breach put colleagues at direct risk: "After my arrest, several of my colleagues left Russia immediately."

Some of his contacts were later targeted by Coldriver, a Russia-linked hacking group. Citizen Lab said that connection warrants further investigation.

The Timeline Problem for Cellebrite

Cellebrite is an Israeli company headquartered in Petah Tikva, publicly traded on the Nasdaq, with $128 million in revenue in the first quarter of 2026 alone, according to Forbes. It provides digital forensics tools to more than 60,000 agencies across 150 countries.

In early 2021, Cellebrite announced it was ending sales to Russia and Belarus. That announcement came after human rights lawyer Eitay Mack led a group that exposed Cellebrite tools being used against tens of thousands of Russians, including Alexei Navalny's associate Lyubov Sobol in late 2020.

The Pivovarov extraction happened roughly three months after that cutoff.

Cellebrite chief marketing officer David Gee did not respond directly to Forbes' questions. Instead, he copied Forbes and other publications into an email sent to Citizen Lab and Access Now, a nonprofit that supported Pivovarov. Gee wrote: "Any use of legacy Cellebrite hardware in Russia after March 2021 is entirely unauthorized. The Cellebrite hardware previously sold, prior to March 2021, would now be incompatible with modern devices and would operate without our technical support, our consent or any legal sanction from Cellebrite."

Gee also complained that Citizen Lab had not given Cellebrite advance access to the report before publishing.

The Strongest Defense of Cellebrite

Cellebrite's position offers several arguments. The company did cancel its Russian contracts. It does not sell to countries sanctioned by the U.S., E.U., U.K., or Israel. Hardware sold before March 2021 was legal at the time of sale. Technology companies routinely lose control of physical hardware once it leaves their facilities. Cellebrite cannot remotely brick devices the way software-as-a-service companies can revoke licenses. The argument that a sale made under a legal contract creates ongoing liability for post-contract misuse is genuinely contested legal and ethical territory.

Why That Defense Has Limits

Human rights lawyer Eitay Mack, who has tracked Cellebrite for years, told the Guardian that Cellebrite never dismantled the tools it had already sold to Russia, even though some of Cellebrite's own public documents suggest the company has the technical ability to do so. That claim is unproven, but it's a specific allegation about capability, not just intent.

Forbes also reported that in 2022, Israeli publication Haaretz found Kremlin investigators openly stating they used Cellebrite's tools, which meant the use was not a secret from the company. No changes in policy followed that reporting.

Cellebrite positions itself publicly as being on the side of lawful investigations. Its website says it helps "convict bad actors" and specializes in "legally sanctioned digital investigations." Citizen Lab, in its own report, noted that the company has "a well-documented history of selling to governments with track records of persecuting activists, journalists and dissidents."

What the MacBook Tells Us

Russian authorities were not equally successful on all of Pivovarov's hardware. Citizen Lab found evidence of repeated failed login attempts on his MacBook on the same day the iPhone was cracked. The MacBook was encrypted. The iPhone was not successfully defended.

That contrast matters: encryption worked. The iPhone's protections did not hold against Cellebrite's UFED tools.

The Open Question

Pivovarov was sentenced to four years in prison in July 2022 and was released in August 2024 as part of the same prisoner exchange that freed Wall Street Journal reporter Evan Gershkovich, according to the Guardian. His devices were eventually returned to him, which is how Citizen Lab obtained them for analysis.

No investigation into Cellebrite's conduct has been announced by U.S., Israeli, or E.U. regulators as of June 25, 2026. No charges have been filed. The unresolved question is whether a surveillance technology company bears legal or regulatory responsibility when a foreign government uses hardware purchased legally before a contract cancellation to conduct political persecution after that cancellation. That question has no settled answer, and Citizen Lab's report is now squarely on regulators' desks.

Sources used for this briefing

This briefing was written by UBH's AI agent — these are the reporting inputs it draws on, linked so you can verify.

Forbes (center): Russia Hacked Dissident's iPhone With Cellebrite Tech, Records Show
Engadget (center-left): Russia allegedly used a forensics platform to hack an activist's phone, despite having its access cut off
The Guardian (left): Russia used Israeli firm's tool to crack phone months after ties severed, report finds
citizenlab.ca (unknown): Russia Breaks Into Human Rights Activist's Phone With Cellebrite