Spyware & Surveillance Lab
CASE STUDY: UGANDA

They know who you are! It's time you discover who they are.

Spyware & Surveillance Watch is a dynamic, continuously evolving research artifact and interactive dashboard. Currently anchored by a foundational case study on Uganda, it is expanding to expose the global surveillance ecosystem, mapping technologies, targets, manufacturers, and their funding networks. This platform equips individuals, civil society, organizations, and policymakers worldwide with a mitigation framework and actionable forensic toolkits.

[Interactive map: Global Surveillance Supply Chain Map. Legend: Targeted Country (Uganda); Vendor Headquarters; Verified Supply Connection.]

[Interactive panels (live data): Commercial Spyware Database; Historical Spyware Index (source: Wikipedia); MITRE ATT&CK® Techniques.]

Socio-Technical Mitigation Framework

[Diagram: Framework for Mitigating Spyware & Surveillance Risks. Each layer has Proactive (Prevention) and Reactive (Response) controls.]

Layer 1: User Empowerment. Proactive (Prevention): Point-of-Sale Digital Literacy; Specialized Anti-Surveillance Training; High-Risk Cohort Awareness Programs. Reactive (Response): Victim-Centric Reporting Pathways; TFGBV & Intimate Partner Support; Structured Device Isolation Protocols.
Layer 2: Organizational Governance. Proactive (Prevention): Zero-Trust Mobile Device Management; Industry-Specific Security Playbooks; Awareness Decentralization Programs. Reactive (Response): Spyware Incident Response Protocols; Financial Sector Data Access Audits; Digital Lender Compliance Reviews.
Layer 3: Technical Infrastructure. Proactive (Prevention): State-Provisioned Forensic Tooling; Hardware-Level Security Defenses; Device Import Security Baselines. Reactive (Response): Telecom Equity Obligations (Free Alerts); ISP-Level Signal Vulnerability Barriers; Decentralised End-to-End Encryption.
Layer 4: Legal & Policy Environment. Proactive (Prevention): Institutional Resource Scaling; International Regulatory Alignment; Rights-Compliant Legislative Reform. Reactive (Response): Independent Judicial Oversight Mechanisms; First-Contact Forensic Response Units; Proportionate Penalties for Surveillance.
Layer 5: Civil Society & Public Awareness. Proactive (Prevention): Community-Based Sensitization Networks; Public Threat Attribution Repositories; Real-Time Early-Warning Systems. Reactive (Response): Bilingual Civil Society Forensic Clinics; Advocacy & Spyware Attribution Campaigns; Independent Forensic Rapid-Response Labs.

Framework Mitigation Matrix

Framework layers, each with Proactive Controls (Prevention) and Reactive Controls (Response):

1. User Empowerment
  Proactive Controls (Prevention)
  • Point-of-Sale Digital Literacy: Embedding security hygiene training into the device acquisition process.
  • Specialized Anti-Surveillance Training: Targeted capacity building for high-risk targets on advanced surveillance vectors.
  • High-Risk Target Awareness Programs: Localized outreach for vulnerable demographics.
  Reactive Controls (Response)
  • Victim-Centric Reporting Pathways: Structured reporting flows that prioritize device isolation and psychological safety.
  • TFGBV & Intimate Partner Support: Specialized support for victims of intimate partner and gendered surveillance.
  • Structured Device Isolation Protocols: Technical guidance on air-gapping vs destructive resets.

2. Organizational Governance
  Proactive Controls (Prevention)
  • Zero-Trust Mobile Device Management: Enforcing strict separation and auditing of corporate data on personal devices.
  • Industry-Specific Security Playbooks: Developing formal incident response protocols tailored to institutional threat profiles.
  • Awareness Decentralization Programs: Expanding organizational safety mandates to informal and grassroots economic actors.
  Reactive Controls (Response)
  • Spyware Incident Response Protocols: Formal procedures for identifying and containing commercial monitoring tools.
  • Financial Sector Data Access Audits: Rigorous auditing of digital lending and fintech platforms to prevent unauthorized data access.
  • Digital Lender Compliance Reviews: Mandatory oversight of lending apps' data-scraping practices.

3. Technical Infrastructure
  Proactive Controls (Prevention)
  • State-Provisioned Forensic Tooling: Government procurement and distribution of open-source detection tools for public use.
  • Hardware-Level Security Defenses: Adoption of physical kill switches, Faraday protocols, and secure hardware baselines.
  • Device Import Security Baselines: Mandating anti-surveillance standards for all imported mobile hardware.
  Reactive Controls (Response)
  • Telecom Equity Obligations (Free Alerts): Mandating free-of-charge security alerts for subscribers.
  • ISP-Level Signal Vulnerability Barriers: Technical protections against SS7 and signaling-layer exploits.
  • Decentralised End-to-End Encryption: Promoting the use of peer-to-peer encrypted messaging as the default for sensitive communication.

4. Legal & Policy Environment
  Proactive Controls (Prevention)
  • Institutional Resource Scaling: Ensuring digital protection offices have the staffing, funding, and technical capacity required for enforcement.
  • International Regulatory Alignment: Forging partnerships to address the transnational supply chains of mercenary spyware.
  • Rights-Compliant Legislative Reform: Drafting laws that prioritize individual digital rights over state monitoring.
  Reactive Controls (Response)
  • Independent Judicial Oversight Mechanisms: Implementing mandatory, non-negotiable warrant requirements for all forms of digital interception.
  • First-Contact Forensic Response Units: Deploying specialized IT units at local stations for immediate victim support.
  • Proportionate Penalties for Surveillance: Establishing severe consequences for unauthorized state and commercial surveillance.

5. Civil Society & Public Awareness
  Proactive Controls (Prevention)
  • Community-Based Sensitization Networks: Partnering with religious, market, and community groups to localize threat information.
  • Public Threat Attribution Repositories: Supporting independent platforms that track and share real-time Indicators of Compromise (IoCs).
  • Real-Time Early-Warning Systems: Automated alerts for emerging surveillance patterns.
  Reactive Controls (Response)
  • Bilingual Civil Society Forensic Clinics: Establishing trusted, rapid-response centers parallel to the state apparatus.
  • Advocacy & Spyware Attribution Campaigns: Shifting focus toward naming and shaming the commercial entities behind surveillance tools.
  • Independent Forensic Rapid-Response Labs: Providing expert payload extraction and verification services for citizens.

Key survey figures:
  • Suspect Covert Monitoring: 71.6%
  • Mean Platform Trust Score: 2.69/5
  • Altered Digital Behavior: >70%
  • Lack Legal Awareness: 62.2%

[Charts: Quantitative Privacy Findings; Behavioral Adaptations]

Survey Empirical Takeaways & Analysis

Systemic Privacy Concern vs. Behavioral Friction

The empirical results reveal a profound disconnect between user anxiety and practical self-defense. While 68.1% of respondents are "Very Concerned" about digital privacy, only 32.2% have adopted privacy-preserving technologies (such as VPNs, Tor, or Signal).

This privacy paradox is driven by technical friction, cost, and a lack of point-of-sale digital hygiene onboarding, reinforcing the framework's mandate for Layer 1: User Empowerment controls.

Ad-Hoc Defense Adaptations

Rather than adopting robust encryption tools, Ugandan users resort to ad-hoc, manual adaptations. 61.3% limit app permissions, and 57.2% manually toggle security configurations.

Crucially, 52.2% engage in online self-censorship and avoid sensitive conversations—a direct threat to open civic spaces, human rights advocacy, and democratic participation. This underscores the urgent need for systemic, technical, and regulatory intervention.

Gendered & Civil Society Vulnerabilities

Surveillance risks are highly asymmetrical. Empirical data indicates that spyware deployments disproportionately target civic space, particularly affecting feminist activists, journalists, and human rights defenders.

This uneven distribution creates widespread paranoia, suppresses online advocacy against technology-facilitated gender-based violence (TFGBV), and erodes essential interpersonal trust within critical activist networks.

Some Reported Surveillance Incidents in Uganda (2011–2025)

Chronological evidence mapping documented spyware deployments, network disruptions, and hardware-level intercept operations targeting political opposition, journalists, and activists in Uganda.

Anti-Surveillance & Forensic Toolkit Hub

In alignment with Layer 1 (User Empowerment) and Layer 3 (Technical Infrastructure) of the mitigation framework, this hub provides high-risk cohorts, including journalists, human rights defenders, legal advocates, and civil society actors, with active, open-source auditing utilities and personal security guides.


Mobile Verification Toolkit (MVT)

Amnesty International

Developed by Amnesty International's Security Lab, MVT is an open-source command-line tool designed to facilitate the consensual forensic acquisition and analysis of Android and iOS devices, detecting trace signatures left by highly targeted spyware like Pegasus and Predator.

  • Extracts and inspects system logs and application databases.
  • Compares device indicators against known Indicators of Compromise (IoCs) compiled by Citizen Lab.
  • Safe, read-only analysis of backups to prevent device interference.

TinyCheck Spyware Detector

Network Forensics

TinyCheck allows you to easily capture and analyze network communications from a mobile device (iOS, Android, or IoT) using a separate Raspberry Pi-configured Wi-Fi hotspot. It identifies communication with spyware command-and-control (C2) servers in a completely non-invasive way.

  • Zero footprint on the target device: Spyware cannot detect it is being monitored.
  • Uses heuristic analysis and Snort/Zeek rules to match outbound traffic with cyber espionage servers.
  • Extremely useful for civil society organizations running local clinics.

Citizen Lab Security Planner

A highly recognized, interactive digital safety planning guide developed specifically for high-risk cohorts by the University of Toronto’s Citizen Lab. It helps you build a personalized, actionable protection baseline tailored to your unique threat profile.


Front Line Defenders: Security in a Box

In collaboration with Tactical Technology Collective, Front Line Defenders provides an extensive library of localized, multi-language guidebooks on secure configurations for messaging apps, smartphones, emails, and browsing privacy.


EFF Surveillance Self-Defense

Knowledge Base

The Electronic Frontier Foundation's expert guide to protecting yourself from electronic surveillance. It provides essential tutorials on secure communications, threat modeling, and circumventing censorship tailored for activists.


Access Now Digital Security Helpline

Incident Response

A 24/7, free-of-charge secure helpline for civil society, activists, and journalists. If you suspect your device is compromised by state-grade spyware, Access Now provides rapid-response forensic support and mitigation advice.


Tails OS (Amnesic Incognito)

Secure OS

A portable operating system that protects against surveillance and censorship. It forces all incoming and outgoing connections through the Tor network and leaves no trace on the host computer. Used extensively by investigative journalists.


GrapheneOS

Hardened Mobile

A privacy and security-focused mobile operating system with Android app compatibility. It mitigates entire classes of vulnerabilities, making it significantly harder for zero-click commercial spyware to successfully exploit the device.

