By Helen Namyalo Kimbugwe and Noelyn Tracy Nassuuna
In today’s world, where our entire lives are condensed into handheld devices, the smartphone has become both an incredible tool and a significant vulnerability. For human rights defenders, journalists, and civil society actors in East Africa, the risks associated with carrying sensitive data are rapidly growing. With increasing surveillance, political repression, and data harvesting by authorities, especially across borders, your phone could expose you to threats you never imagined.
Recent developments in East Africa, particularly in Uganda, Kenya, Rwanda, and Tanzania, reflect an alarming pattern. Border officials are more frequently requesting travellers to unlock their phones. In some cases, they take the devices into another room, copy data, and return them 15 to 30 minutes later. This includes access to your photos, messages, apps, call logs, contacts, emails, and even deleted files. For many travelers, especially those involved in activism or advocacy, this kind of intrusion can lead to harassment, arrest, or worse.
Thankfully, there are digital privacy measures you can take to stay ahead. For example, if you’re using GrapheneOS on a Google Pixel device, there’s an advanced feature called “duress mode.” This allows you to set up a special PIN code that, when entered under pressure, instantly wipes your phone. On iPhones, while you don’t get the same feature, you can enable the “Erase Data” option after 10 failed attempts. It’s not as powerful, but it still adds a layer of defence.
A simple yet effective tip: Always use a six-digit passcode instead of four. If you’re worried about forgetting it, you can repeat your four-digit PIN twice—it’s still significantly more secure. Biometrics like fingerprints and face unlock should be avoided while traveling, as authorities can forcibly use them to unlock your device without your consent.
One of the most critical steps you can take is to carry a clean “travel phone.” This is a secondary device that contains only the most essential apps and information—no personal messages, photos, or documents that could be used against you or your networks. Log out of all your email, banking, and social media apps before reaching a border checkpoint. Better yet, delete them temporarily and reinstall later when safe. If you must travel with your primary phone, ensure that it is encrypted. While most modern smartphones are encrypted by default, verifying this in your device settings is important. Although disabling automatic cloud backups (e.g., Google Drive, iCloud, WhatsApp) can be inconvenient, it is a critical step for maintaining data security. Where feasible, back up your data in advance, securely wipe your device before departure, and only restore the information once you are in a trusted and secure environment.
Secure messaging apps like Signal or Briar are highly recommended. Signal offers end-to-end encrypted messages with disappearing message options. At the same time, Briar works without internet access, connecting devices over Bluetooth, a useful tool when networks are shut down or compromised. For browsing, Tor Browser and Brave can help mask your digital footprint, and VPNs like Proton VPN protect your IP and data from being intercepted.
Another lesser-known threat while travelling is using other people’s laptops, power banks, or public USB charging stations to charge your phone. A cybersecurity expert, @MG, recently shared on his X platform that it’s possible to embed malicious hardware in seemingly ordinary charging cables, allowing attackers to silently install spyware or steal data, all through a simple act of charging.
“Every time I travel, I let people charge their devices. Totally harmless. They never know who I am or what I normally do with USB cables, but maybe one day. This lady’s phone died a few minutes into a 5-hour flight. I just wanted her to enjoy her time.”
While this risk is more prevalent in high-surveillance environments or with targeted individuals, East Africa’s tightening political environment means these kinds of attacks are no longer theoretical. Always carry your own power bank and wall plug, and avoid plugging into unknown USB ports or borrowed devices.
In East Africa, it’s not just border crossings where your phone is vulnerable. Internal roadblocks, especially in Uganda, are notorious for phone checks and random inspections. Renaming your contacts with neutral identifiers (e.g., changing “Lawyer” to “Uncle Ben”) can reduce suspicion if your contact list is scrutinized. Documenting human rights violations or organizing protests should be done with tools like ObscuraCam, which can anonymize people in images and secure your data.
All of these precautions may seem extreme, but they reflect the reality of an increasingly hostile digital environment. In the wake of laws such as the Computer Misuse Act and during times of election unrest or crackdowns on civil society, having activist materials or politically sensitive content on your phone can lead to detention or deportation. Even if you’re not the direct target, your phone may contain information that puts others at risk.
This isn’t about paranoia, it’s about preparedness. Just as you wouldn’t hand your passport to a stranger, you shouldn’t let your phone become an open book to authorities or unknown devices. Your smartphone is a window into your work, identity, and community. In the wrong hands, it becomes a weapon.
As you plan your next cross-border trip, whether for a workshop, a conference, vacation, a protest, or a field visit, take these precautions seriously. Train your team, update your digital safety practices, and always assume your device may be searched.
In the end, digital security is not a luxury. It is survival. Protect your data like your passport. Because in East Africa’s shifting political terrain, your privacy may just be your best defense.
