Predaxia Research

MSAB XRY

Micro Systemation AB · Sweden

ActiveRussia exit 2022

Confidence 4/5

VendorMicro Systemation AB (MSAB)

Country of originSweden (Stockholm)

Founded1984 (mobile forensics from late 1990s)

ListedNasdaq Stockholm First North (MSAB B)

Current statusActive. Russia and Belarus suspended 2022

US Entity ListNo

Customer base100+ countries per MSAB IR

Predaxia GlossaryWhat it means in practicePlain-English explainer · Threat model · Action steps

Technical capabilities

MSAB XRY is a mobile-forensics extraction suite paired with the XAMN analysis platform. The toolset targets Android and iOS smartphones, feature phones, GPS units, drones and a long tail of legacy devices. MSAB publicly claims support for 30,000+ device profiles.

XRY operates in logical, file system, and physical extraction modes depending on the target device and unlock state. Supported attack vectors include ADB-based extraction on Android, MTP logical pulls, JTAG and chip-off recovery for damaged devices, and proprietary bypasses for selected device families. Capability against modern iOS in Before First Unlock state is materially limited and trails Cellebrite UFED Premium.

Documented use

MSAB clients include law enforcement, military, intelligence and corporate forensics units globally. Public reporting and procurement records have identified deployments in:

United Kingdom (Metropolitan Police, regional forces, Border Force).
United States (multiple federal agencies and state police forces).
Canada, Germany, France, Netherlands and other EU member states.
Belarus (KGB), per The Intercept and Reporters Without Borders reporting (2021). MSAB suspended sales after Lukashenko regime crackdown.
Bangladesh (Rapid Action Battalion), per Al Jazeera Investigations and Privacy International (2021).
Myanmar (police forensics), per Reuters reporting following the 2021 coup. MSAB suspended sales after disclosure.

Customer states

MSAB publicly states that it screens exports against EU dual-use regulation and end-user undertakings. Sales to Russia and Belarus were suspended in 2022. Sales to Myanmar were suspended after the February 2021 coup. Sales to other authoritarian regimes including the United Arab Emirates and Saudi Arabia have been documented in past procurement databases. MSAB has not publicly disclosed a complete client list.

Legal and sanctions status

Not on the US Department of Commerce Entity List.
Subject to EU Regulation 2021/821 on dual-use exports for forensic and cyber-surveillance items.
Listed on Privacy International’s Surveillance Industry Index since at least 2016.
Voluntary export suspensions: Russia (2022), Belarus (2022), Myanmar (2021).

Technical countermeasures

Powered-off state (BFU): keys are not derived. Current iOS and Pixel devices in BFU significantly resist MSAB extraction.
Strong alphanumeric passcode: defeats brute-force timing windows.
iOS Lockdown Mode: reduces attack surface for After First Unlock extraction.
GrapheneOS on Pixel devices: per the GrapheneOS project, hardens against logical and physical extraction tooling including MSAB-class products.
USB Restricted Mode: blocks data accessory communication when locked.
Encrypted secondary devices: separate phone for sensitive communications, fully wiped between uses.

For at-risk individuals. If your device is seized, do not unlock and do not authenticate to it under request. The Before First Unlock state is the strongest forensic posture. Contact a lawyer immediately.

Sources

Update log

March 18, 2026: Page added. Sourced from Privacy International Surveillance Industry Index, Reporters Without Borders investigations, Al Jazeera Investigations, Reuters and MSAB Investor Relations public filings.

There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.