Cellebrite Acquires Corellium, Raising Stakes for Mobile Security and Surveillance Tools

Cellebrite is acquiring mobile virtualization firm Corellium in a $200 million deal, combining two controversial players in the mobile forensics space, according to CyberScoop. The move strengthens Cellebrite’s position in vulnerability research and virtual mobile environments, areas increasingly relevant for MSSPs tasked with securing mobile endpoints across enterprise and government clients. Corellium’s virtual device platform gives researchers, developers, and red teams a scalable way to simulate mobile operating systems for testing, without needing physical hardware.

For MSSPs, the integration could streamline mobile threat emulation, pen testing, and exploit research. Cellebrite’s forensic tools have long been used to extract encrypted data from devices during investigations. With Corellium’s virtualization technology, MSSPs may gain faster, lab-grade environments for testing mobile malware, analyzing threat behavior, and validating response protocols. This aligns with growing demand for proactive mobile security capabilities, especially as workforces shift to BYOD and hybrid environments.

However, the deal also renews scrutiny over how such tools are used—and by whom. Both companies have faced criticism for enabling surveillance and for engaging with state actors and controversial private entities. While the technology offers value for threat hunting and digital investigations, MSSPs operating under strict compliance mandates will need to assess how this acquisition impacts client trust, legal boundaries, and toolchain transparency.

As the deal awaits regulatory review, especially from CFIUS, MSSPs should watch how the integration unfolds. If approved, the combined offering may lead to a broader range of mobile testing and vulnerability assessment capabilities—but also greater responsibility in ensuring ethical use. For security providers operating at the intersection of forensics and defense, this acquisition marks a shift in how mobile infrastructure is analyzed, secured, and—potentially—exploited.