
WhatsApp app on the smartphone screen on wooden background with a computer beside it.
Data from the police shows that mobile phone and related data thefts in Kampala and the surrounding areas rank as most prevalent form of stealing.
Statistics from the Uganda Police Force Annual Crime Report 2023, reveal that at least 2,433 mobile phones were stolen from people in the Kampala Metropolitan Area that covers Kampala City, Wakiso and Mukono districts.
The phone-snatchers prowl and thrive in bustling downtown markets, shopping centres, streets, and taxi parks as they prey on unsuspecting pedestrians and commuters. These cases of phone theft keep rising despite advancements in phone security features, including encrypted passwords that are designed to deter improper access.
These phone thefts are eased by technicians, who offer bypass services of phone unlocking, factory resetting, software updates, and hardware repairs. These services are sought by robbers and phone owners who have genuinely forgotten their phone passwords, bought a locked phone, or need software upgrade.
By the end of 2023, a total of 7,407 mobile phones were reported snatched, compared to 6,936 cases reported in 2022, implying a 6.8 percent increase.
Bypass tricks
Cybercrime experts reveal a series of techniques used to bypass phone security features, biometrics, and mobile money account personal identification number (PIN) to unlock access to stolen phones.
Mr David Kato,a mobile security analyst, says ‘jailbreaking’ is a common approach to remove factory-imposed restrictions. “By jailbreaking an iPhone (earlier series), for example, thieves can disable security features, allowing them to install unauthorised apps that may help them bypass screen locks or biometrics,” he says.
Similarly, cyber investigator Mercy Amanya explains: “For android devices, ‘rooting’ is similar to jailbreaking. Rooting gives thieves full administrative access to the phone operating system, allowing them to override the built-in security settings. This can even reset password locks in some cases.”
She says in some cases, the phone thieves perform a factory reset via recovery mode, which wipes off the data but and removes the phone security settings.
Mercy says these operations unlock the phones for resale. A phone technician, only identified as Sam, working in a phone shop at Mutaasa
Kafeero Building Kampala, says: “A lot of times, if we can’t unlock a phone, we just strip it for spare parts. It’s still valuable that way – the screens, batteries, cameras, they all have buyers.”
Phone thieves don’t just steal devices for resale; they also quickly access mobile money apps to transfer funds to accomplices before victims can respond.
These cases of phone thieveries keep rising despite advancements in phone security features, including encrypted passwords that are designed to deter improper access.
WhatsApp with hackers
“Once the reset is complete, the phone displays the reboot option and with a quick selection, the device powers back on, revealing the welcome screen as if it is brand new and free from any traces of operations by the previous owner,” she says.
But Kato reassures that despite these bypass methods, the updated devices with hardware-backed security are more resistant to the manipulations. “Newer iPhones with the latest iOS updates are challenging for thieves to jailbreak due to advanced protections,” he says.
Nevertheless, a forensic analyst, Mr James Okello, says changing the International Mobile Equipment Identity (IMEI), a unique identifier assigned to each phone, is another tactic used by the thieves.
“Changing the IMEI can be done with specialised software to alter it and assign new serial numbers, making tracking the stolen device nearly impossible and allows it to function on networks as if it were a different phone,” Okello says.
He says: “Individuals often turn to third party IMEI changer applications found in unofficial app stores, which can easily harbour malware.”
An IMEI is the serial number of a mobile device and can be checked by simply dialing *#06#. For those with technical proficiency, the Android Debug Bridge (ADB) offers a more hands-on approach. “Using ADB commands, you can directly modify the IMEI from a terminal interface, but it requires some serious skill,” he says. But Okello warns that changing an IMEI is illegal. “It can lead to hefty fines and even jail time, it is essential to respect the legal frameworks in place. The potential consequences of such actions can be severe," he cautions.
He also says improper modifications can break the device and render it useless. Okello adds that IMEI tampering is more common with Android devices, unlike iPhones that have stricter protection against such alterations.
How to beat bypass
Despite these tactics, experts emphasise that updated devices with hardware-backed security are less susceptible to hacks. They advise users to report stolen phones immediately so that network providers can blacklist the IMEI and blocking it from network use. The experts also advise phone users to enable multi-factor authentication (MFA) and keep their software up to date as these steps add vital layers of protection.
But for many Ugandans, the financial damage is devastating. Corporate victims Mr John Niwagaba, a finance director at a logistics company in Kampala, had his life turned upside down when he fell victim to a phone theft that cost him and his company millions. The breach of trust in digital security occurred at a business dinner at a luxury hotel in Kololo, an upscale Kampala City neighbourhood, where a thief posing as a waiter snatched the phone from the table.
Within hours, the criminals had accessed Niwagaba’s corporate email, which was linked to the company’s financial accounts. They exploited saved log in credentials to authorise a fraudulent transaction worth Shs20m, which appeared legitimate as it bore Niwagaba’s official email signature.
“Besides the corporate losses, my personal bank account was drained of Shs5m through my mobile banking app. The thieves bypassed the app’s biometric security by resetting it via email recovery options, which they had already compromised,” Mr Niwagaba said, adding hat, “My employer had to halt operations for a week to investigate the breach, and my professional reputation is now under scrutiny.”
Ms Sandra Atuhaire, a project manager at a non-government organisation in Nakawa, Kampala, had her phone stolen by a motorcyclist who smashed her car window and grabbed her handbag containing her phone. Ms Atuhaire, who was on a field visit in Mbale, did not think much of the loss initially.
But the thieves used her text messages, email, and saved log-in details to access the NGO’s grant management platform. “They diverted Shs70m meant for building community water wells in rural Uganda, using multiple transactions onto different accounts to evade detection,” she said.
The NGO has since faced scrutiny from donors, who are questioning its financial controls, suspending donations from that specific donor as further investigations are pending.
Other victims’ experience For many Ugandans, the financial damage is devastating. John Mutebi, 32, a boda boda rider in Kampala, became a victim of smartphone theft during a routine evening visit to Wandegeya market. Despite blocking his SIM card, Mutebi was unable to prevent the thieves from accessing his mobile money account.
“I received a frantic call from my bank asking about suspicious transactions. When I checked my mobile money account, I realised all my savings had been drained. I later found out that the thief had impersonated me at my service provider, convinced them to issue a new SIM, and gained complete access to my account,” Mutebi explains.
They transferred Shs1,600,000 of his savings meant for his family, leaving him in financial turmoil.
What industry players say ...
A telecommunications security expert from Makerere University, Mr Andrew Mukisa,says the thieves can impersonate their victim at the mobile service provider to request a SIM card replacement. Once they obtain a new SIM, they can access the victim’s mobile money account.
This often requires some personal information about the victim, which thieves may acquire through social engineering or phishing. “It sounds simple, but this is where the weakness lies—if the attacker sounds convincing enough, the provider may not question them because they already have some basic info,” Mr Mukisa explains.
“The fraudster then requests that the provider transfer the victim’s number to a new SIM card they control,” he adds.
Mukisa says: “If the provider complies, the victim’s phone suddenly loses service, and the hacker now receives all calls and texts and can reset passwords for online accounts, circumventing any two-factor authentication tied to SMS. It’s a gateway to devastating consequences, including identity theft and financial loss.”
To beat this trap of SIM swap, Ms Arinaitwe, the MTN public relations officer, advises victims to present their National Identification cards at the service centre for such a process.
“Sim swapping can only be done physically by the SIM card holder with a National ID to verify ownership. If the phone is stolen, he has to possess a police letter with reference as well,” she adds.
Sarah Nakato, a food vendor in Kisenyi, Kampala, who uses mobile money for all her transactions, lost Shs400,000 after her phone was snatched as she boarded a taxi.
“I think the thief found the backup codes I had saved in my messages and used them to reset my accounts. I thought I was being careful by keeping those codes handy, but it backfired because didn’t realise how risky it was to store such sensitive information on my phone.”
Mr Mukisa describes this as a ‘back up codes method' where passwords and PINs are accessed. “If the victim has not set up adequate security measures, thieves can unlock the phone using techniques such as jailbreaking or rooting. They then retrieve saved passwords, PINs, or security questions related to mobile money accounts.
“Some mobile money services offer backup codes for account recovery. If thieves can access these codes via the victim’s messages or emails, they can use them to gain access to the account,” Mr Mukisa notes.
Norah Nasozzi, 50, a resident of Kajjansi Town Council, came to light when she noticed suspicious transactions on her stolen phone after replacing her SIM card and noticed a debt reminder message.
“A man posing as an Airtel agent claimed that he could help me upgrade my SIM card to 4G. In the blink of an eye the man disappeared with my phone. On making a call to the customer care line, I was shocked to learn that a loan of Shs100, 000 had been taken out in my name without my consent but truthfully, I do not recall offering him my PIN number," she says.
The fraudster reportedly gained the trust of multiple clients, convincing them to share sensitive information under the guise of upgrading their services targeting different locations. Investigations revealed that he managed to siphon off funds by exploiting the loopholes in the verification process for loan approvals and later deleted transaction messages.
Jane Achen, a shopkeeper in Nakawa, was recently targeted in one such incident. “They grabbed my phone while I was closing my shop and demanded my mobile money PIN at knifepoint. I was terrified, so I gave it to them, and within minutes, I had lost Shs800,000 that I had just collected from customers,” Achen lamented.
Achen’s experience is not isolated. Reports from police indicate a significant rise in similar cases in Kampala and elsewhere across the country, particularly in the last six months.
Many of these thefts remain unsolved, leaving victims with little recourse to recover their funds. The 2023 Police Annual Crime Report shows that Kampala Metropolitan Police (KMP) North registered the highest number of mobile phone thefts with 939 cases, followed by Rwizi with 908 cases, KMP South with 902 cases, KMP East with 592 cases and Greater Masaka with 325 cases.
Ms Amanya says when a stolen phone is infected with malware or a key logger, it becomes a powerful tool for thieves to extract sensitive information from the victim. “Malware can be pre-installed on a device or remotely installed by the thief if they unlock it. Once activated, these programmes monitor the victim’s activity and log every keystroke, allowing thieves to capture crucial details like mobile money PINs and account passwords,” she says.
Ms Amanya warns that key loggers often work silently in the background, making it difficult for the victim to realise their data is compromised until it is too late. “The victim might think they’ve only lost a phone, but in reality, they’ve lost access to their financial life and personal information,” she adds.
Ms Amanya says malware is easier to install on Android devices due to the opensource nature of the system, making these devices particularly vulnerable if not updated regularly.
“The best defense is to keep devices updated, avoid downloading apps from unknown sources, and use strong security features to prevent unauthorised access,” she advises.
Telecom players sound alarm Telecom providers, including MTN Uganda and Airtel Uganda, have acknowledged the increase in mobile money-related thefts and are urging users to take additional precautions.
David Birungi, Airtel’s public relations manager, stresses the need for telecom users to safeguard their phones and PINs. “These fraudulent transactions can only be done successfully with possession of a PIN. They can hack into emails since most people keep them there,” Mr Birungi says.
“Airtel Uganda sends a series of SMS alerts, reminding users to regularly change their mobile money PINs and to report any suspicious activity immediately,” he adds.
The MTN senior manager corporate communications and Public relations, Ms Rhona Arinaitwe, says: “As MTN, we have so many awareness campaigns in place to sensitise our clients and the most recent one being ‘Beera steady’, we had that of ‘Wewale abafere’ previously as efforts to curb cyber crimes on our network.”
An official from Uganda Communications Commission called for user vigilance in preventing mobile money and data theft. “People often underestimate the power of simple security measures. Enabling features like multi-factor authentication and avoiding weak, common passwords can make all the difference in keeping personal accounts safe.”
Police warns
Speaking to this publication, Mr Kituuma Rusoke, the police spokesperson, said: “Phone and data theft cases are significantly higher in December as the thieves exploit the festive rush, especially with mobile banking transactions and offers of Christmas bonanzas online.”
He urged the public to secure mobile devices with strong passwords, enabling two-factor authentication, and avoiding saving sensitive information on phones. A law enforcement officer, who asked not to be named, warned against users storing large amounts of money in mobile wallets unless they have the right security measures in place.
“Reporting a stolen device not only protects your mobile money account but also helps not to incriminate you when one performs a crime using your phone,” Mr Rusoke says.