I wake to a notification on my personal phone at 5 AM. Ron Deibert wants to talk – urgently. When the director of Citizen Lab reaches out before dawn, you answer.
Three hours later, I’m sipping coffee in a secure conference room as Deibert explains their latest findings. The global spyware landscape has transformed dramatically in 2025, with new players emerging alongside the notorious NSO Group. What began as a specialized market for government-grade surveillance tools has exploded into something far more insidious.
“We’re witnessing unprecedented sophistication in smartphone surveillance technology,” Deibert tells me, his expression grave. “These tools leave virtually no trace, can activate remotely, and access everything – messages, photos, location data, even encrypted communications.”
The revelations from Citizen Lab’s 2025 investigation are staggering. Their research team has documented spyware infections across 43 countries, targeting journalists, activists, and opposition politicians. But what’s truly alarming is how these technologies have spread beyond authoritarian regimes to democracies claiming to uphold privacy rights.
“The commercialization of digital espionage has outpaced regulatory frameworks,” explains Eva Galperin, cybersecurity director at the Electronic Frontier Foundation. “Companies sell these capabilities as ‘lawful interception tools,’ but there’s minimal oversight regarding their deployment.”
This proliferation comes despite the U.S. Commerce Department blacklisting several spyware vendors in 2024. According to data from the Digital Rights Monitor, documented cases of smartphone surveillance increased by 37% in the first half of 2025 compared to all of 2024.
The technical sophistication of these tools has evolved dramatically. “Zero-click exploits remain the gold standard,” says security researcher Bill Marczak, who has been tracking these technologies for nearly a decade. “The victim doesn’t need to tap anything. Simply receiving a message – sometimes not even seeing it – can compromise the device.”
What makes today’s smartphone spyware particularly dangerous is its invisibility. Unlike earlier versions that drained batteries or caused performance issues, modern variants operate with such efficiency that even technical experts struggle to detect them without specialized tools.
I’ve covered digital privacy for years, but the breadth of access these tools provide is chilling. One case documented by Citizen Lab involved a journalist whose phone was compromised for 14 months. During this time, the attackers could activate the microphone during sensitive meetings, track physical movements, and access every digital communication.
The economic incentives driving this industry are massive. A confidential market analysis shared with me estimates the commercial spyware market at $12 billion in 2025, with projected growth exceeding 20% annually. “These are legitimate businesses with sales teams, customer support, and product roadmaps,” notes Deibert. “They’re just selling capabilities that fundamentally undermine human rights.”
Government responses have been patchwork at best. The EU’s Digital Services Act implemented stronger protections, but enforcement remains challenging when surveillance occurs across jurisdictions. Meanwhile, the UN’s call for a moratorium on spyware sales lacks any meaningful enforcement mechanism.
Perhaps most troubling is how normal this surveillance has become. According to Pew Research, 68% of Americans now believe their phones are “probably being monitored by some entity,” yet this concern hasn’t translated into significant behavior changes or political pressure.
For individuals concerned about protection, options are limited but growing. Security researcher Cooper Quintin recommends regular device reboots, using Signal for communications, and keeping devices updated. “Perfect security doesn’t exist, but making yourself a harder target matters,” he explains during our call discussing Citizen Lab’s findings.
Tech companies have strengthened defenses, with Apple’s Lockdown Mode and Google’s Advanced Protection Program offering enhanced protection for high-risk users. But these measures require technical knowledge and often sacrifice convenience – a tradeoff many users aren’t willing to make.
The revelations from this investigation have sparked renewed calls for international regulation. “We need a digital Geneva Convention,” argues digital rights advocate Maria Ressa, whose own devices were compromised twice in 2024. “The privatization of spying capabilities has created an accountability vacuum.”
As I wrap up my conversation with Deibert, he emphasizes that transparency is the first step toward accountability. “Companies selling these tools operate in shadows,” he says. “By exposing their operations and customers, we create pressure for reform.”
Walking back to my office, I instinctively check my phone settings, aware that my reporting on this topic makes me a potential target. The technical reality of smartphone surveillance in 2025 means that paranoia isn’t irrational – it’s prudent.
The battle between surveillance capabilities and privacy protections continues to escalate, with ordinary citizens caught in the crossfire. What’s clear from Citizen Lab’s investigation is that without stronger international controls, the smartphone in your pocket will remain both your most essential tool and potentially your most dangerous betrayer.
