Police Mobile Phone Spying Powers_ 50 countries ranked on powers to access mobile phones

For many of us, our mobile phones are a window into our lives. From our banking details to our private communications, they hold an extensive amount of personal data.

Our latest research of 50 countries finds that every police force has some level of access to your mobile phone and its data. Worse still, the majority of governments and law enforcement agencies have a form of hacking technology in place.

So what access do the police in your country have to your mobile? Where are police mobile phone spying powers at their worst? And where are police able to put their hacking technology to work modifying the data on your phone?

Our study of the top 50 countries by GDP finds that all countries grant their law enforcement/security agencies some kind of access to citizens’ mobile phones. Plus, the majority employ invasive practices with the use of hacking technology. And, while there are the usual suspects included within our worst-performing countries, the likes of Germany, Australia, Denmark, the UK, and the US have incredibly invasive practices in place that pose a serious threat to citizens’ privacy.

We assessed each country based on the following:

  • Can police access a suspect’s phone?
  • Can police hack into a suspect’s phone?
  • Can police demand fingerprint/facial recognition/passwords to gain access?
  • Can police modify data on the phone?

Our study focuses on the physical access police may have to mobile phones and the data stored on them. It does not cover the interception of communications via mobile carriers or any of the providers of the services/apps on the phone.

Countries with the most police power for mobile phone surveillance

1. China, Saudi Arabia, Singapore, and the UAE = 0/14

These four countries were unable to score any points thanks to their widespread and invasive mobile phone spying powers with little, if any, judicial oversight.

In China, you don’t even need to be suspected of having committed a crime in order for police to search your phone or install spyware on it. While in Saudi Arabia, Singapore, and the UAE, the police have sweeping powers to use the technology at their disposal. Cellebrite is known to have been in use in Saudi Arabia and the UAE, while the government of Singapore has access to various technologies, including FinSpy.

2. Iraq = 1/14

Iraq manages to scrape back one point due to there being some provisions in its law surrounding mobile phone searches–even though they’re inadequate. Searches should be carried out by an official but there are no requirements for warrants. With mass surveillance, no data protection law, and a complete lack of oversight, there is little protection for Iraqis’ mobile phone privacy.

3. Egypt and Russia = 3/14

In Egypt, there are some privacy protections that should be adhered to when searching mobile phones but these are frequently violated and disregarded. There is evidence of authorities using apps to track citizens with spyware through apps downloaded on their phones. And during demonstrations, citizens were forced to unlock their social media accounts so they could be checked for anti-government sentiment. A judge deemed that these searches were illegal, but they continued afterward. In another worrying case, a blogger/reporter was beaten until she handed over her passcode.

Russia follows a similar pattern with frequent examples of law enforcement carrying out searches without the right authority. Many devices also come preloaded with Russian software that some believe can be compromised.

4. Bangladesh, Germany, Nigeria, Thailand, Turkey, and Yemen = 4/14

All of these countries have some protections in place but frequently put the privacy of citizens at risk through invasive and widespread surveillance tactics. And perhaps the biggest surprise here is Germany.

In Germany, standard stop and search procedures prevent police from accessing a mobile phone without a warrant. But other laws allow access without suspicion of a crime (e.g. in cases of intelligence agencies). The BKA has the technology to decrypt messages and police are also allowed to install spyware on suspects’ phones–all without the suspicion of a crime. Police aren’t supposed to demand that a citizen unlocks their phone without a warrant, either, but there are cases where suspects aren’t informed of their legal rights.

5. Australia, Denmark, Hong Kong, India, Indonesia, Malaysia, Peru, the UK, and the US = 5/14

Some provisions but known abuse is a similar picture for the countries in fifth place, too.

For example, in Denmark, despite there being provisions, a recent Supreme Court ruling found that judicial oversight isn’t always required when accessing suspects’ phones. It also ruled that forcing a suspect’s thumb onto their phone to gain access without a judge’s authorization was within the scope of the law.

In the US, warrants are generally required to access phones but customs police have broad powers that allow them access without judicial oversight, and they may insist people hand over their passcodes, too. In many states, mobile phone searches can be warrantless. The UK also gives the same power to border control agencies and all without them having “reasonable suspicion” that a crime has been committed beforehand.

But it’s perhaps Australia’s recent law that presents the most concern. This gives police the power to hack into mobile phones without a superior court judge’s authority and enables them to modify the data on the phone if necessary for the case. In some ways, this is worse than lack of clarity within the law as it gives police the power to carry out these invasive practices without any fear of repercussion.

Countries with the least police power for mobile phone surveillance

No country offers its citizens complete protection when it comes to their mobile phone privacy in police searches. However, a handful do go one step further to protect users’ privacy than others.

Austria, Belgium, Finland, and Ireland all have clear and precise laws that state police can only access mobile phones if the person in question is a suspect and a warrant is in place. There isn’t any evidence of widespread hacking technology, either.

Another positive is that major mobile phone manufacturers also protect customer data through encryption. For example, Apple’s law enforcement guidelines state that: “For all devices running iOS 8.0 and later versions, Apple is unable to perform an iOS device data extraction as the data typically sought by law enforcement is encrypted, and Apple does not possess the encryption key.” For devices with older versions, law enforcement would need to gain a warrant for access and meet the requirements of California’s Electronic Communications Privacy Act (CalECPA)–which reinforces the warrant requirements for access to electronic data.

Nevertheless, Apple has been involved in cases with the FBI where it has been requested to help provide access to an encrypted phone. While it hasn’t always provided access, recent findings suggest that Apple did drop its plans to encrypt backups after the FBI said it would hamper its investigations.

So, even though phone manufacturers can help reinforce privacy rights through encryption and their own policies, it remains down to legislation and clear, transparent practices to ensure citizens’ privacy is protected.

What does the future hold for mobile phone users and surveillance?

What the above demonstrates is that an increasing number of countries are heading toward widespread and invasive surveillance powers. While many of the worst-scoring countries are so due to lack of clarity and clear abuses, a large number are increasing surveillance on citizens through legal powers. By giving police the authority to search, hack, and even modify mobile phone data without judicial oversight, countries are creating surveillance societies where no users’ data is safe–guilty or not.

Methodology and scoring

We searched through the top 50 countries by GDP to see what evidence there was of mobile phone surveillance and what legislation was in place to govern the use of surveillance tactics and/or tools. We then used this data to score each country based on the below:

Can police access a suspect’s phone?

0 = Yes. Few safeguards, if any, which enable police to access suspects’ phones at will and with little oversight.
1 = Yes. Some safeguards in place but these are either abused or there are instances where access is granted without a warrant/oversight.
2 = Yes. Nothing specific mentioned in the law but general search powers would suggest they can access with a warrant. Or, cases where access has been gained but courts have ruled that warrants are required.
3 = Yes. But only in certain cases and with a warrant.
4 = No access.

Can police hack into a suspect’s phone?

0 = Hacking technology in place with little, if any, oversight.
1 = Hacking technology in place with some oversight but signs of abuse or lack of clarity which creates loopholes/invasive practices. Or, hacking enabled without warrants/oversight in some cases, e.g. at borders. Cellebrite (or equivalent) known to be in use.
2 = Hacking/access can only be used in certain cases and with correct judicial oversight.
3 = No/nothing known.

Can police demand fingerprint/facial recognition/passwords to gain access?

0 = Yes and without reasonable concern or authority. Or lack of clarity in law which leaves it open to abuse.
1 = Yes. Some oversight but known abuse/widespread practice of forcing people to hand over passcodes/unlock their phones.
2 = Yes but only in specific cases and with judicial oversight.
3 = No/nothing known.

Can police modify data on the phone?

0 = Yes and without reasonable concern or authority. Or lack of clarity in law which leaves it open to abuse.
1 = Yes. Some oversight but cases where warrants aren’t required/powers are abused.
2 = The tools they have access to may enable this but nothing specific in the law to provide adequate safeguards. However, general requirements for stop and search, etc. would likely offer some protection.
3 = Yes but only in specific cases and with judicial oversight.
4 = No/nothing known.

Data researcher: Rebecca Moody



For a full list of sources, click here.