Mobile Discovery Is Stuck
Mobile devices have become the primary communication channel for most business professionals, yet eDiscovery workflows remain stubbornly optimized for email and documents stored on laptops and servers. The result is a growing gap between where relevant evidence lives and where discovery tools are designed to look. Text messages, iMessages, WhatsApp conversations, Signal threads, photos with metadata, call logs, voicemails, and app-specific data all reside on mobile devices, and all of it may be discoverable.
The diversity of mobile data types is the first challenge. Unlike email, which follows standardized formats (EML, MSG, PST), mobile data comes in dozens of proprietary formats that vary by device manufacturer, operating system version, and messaging application. An iMessage conversation is stored differently than an SMS, which is stored differently than a WhatsApp message, which is stored differently than a Slack DM sent from a mobile app. Each requires different collection methods, different processing pipelines, and different production formats.
BYOD (Bring Your Own Device) policies multiply the complexity exponentially. When employees use personal devices for business communications, the organization faces a collision between discovery obligations and employee privacy rights. You cannot simply image an employee's personal phone the way you would image a company-issued laptop. Personal photos, medical apps, dating apps, financial information, and family communications all reside on the same device as the business data you need to collect. The legal and practical framework for navigating this tension is still evolving.
The commingling of personal and business data on mobile devices creates challenges at every stage of the discovery process. During preservation, you need to prevent destruction of business data without overreaching into personal content. During collection, you need to extract business-relevant data without capturing personal information that is outside the scope of discovery. During review, you need to separate business from personal content efficiently. And during production, you need to present mobile data in a format that is both defensible and usable by the receiving party.
Step 1: Identify Mobile Data Sources and Preservation Obligations
The first step in any mobile discovery effort is to identify which custodians use mobile devices for business communications and what types of data may be relevant. This assessment should happen early in the litigation — ideally during the initial document preservation process — because mobile data is uniquely vulnerable to destruction. Auto-delete settings, device upgrades, remote wipes, and simple user behavior (deleting old messages to free storage) can all destroy relevant evidence if preservation is not implemented promptly.
Interview key custodians about their mobile communication habits. Ask specifically about text messaging (SMS and iMessage), messaging apps (WhatsApp, Signal, Telegram, WeChat), mobile email (which may contain communications not captured by server-side email collection), photos and videos taken with the device camera, and any business-specific apps that store data locally on the device. Do not assume that email collection from the server captures all mobile communications — many mobile-first communications never touch an email server.
Issue a litigation hold that specifically addresses mobile devices. Generic litigation holds that instruct custodians to "preserve all relevant documents" are insufficient for mobile data. The hold should specifically identify the types of mobile data that must be preserved, instruct custodians to disable auto-delete settings on messaging apps, and prohibit factory resets, device trade-ins, or operating system upgrades without prior approval. The hold should also address cloud backups — iCloud, Google Drive, and platform-specific backups may contain historical mobile data that is no longer on the device itself.
If your organization uses a Mobile Device Management (MDM) platform, take immediate steps to suspend remote wipe capabilities for custodian devices. MDM platforms are designed to allow IT administrators to remotely erase device data in the event of loss or theft, or when an employee leaves the organization. If a remote wipe is executed on a custodian's device after a litigation hold is in place, the resulting data destruction may constitute spoliation. Coordinate with IT to ensure that MDM policies do not conflict with preservation obligations.
Step 2: Choose Your Collection Method
Mobile device collection methods vary significantly in their scope, invasiveness, and forensic defensibility. The right method depends on the nature of the case, the types of data you need, and the sensitivity of the personal data on the device. Understanding the differences between collection methods is essential for making informed decisions about scope and proportionality.
Logical extraction is the most common collection method for civil litigation. It uses the device's standard data interfaces (iTunes backup for iOS, ADB for Android) to extract data that is accessible through the operating system's normal APIs. Logical extraction captures messages, contacts, call logs, photos, app data, and most other user-generated content. It does not capture deleted data or data stored in areas of the file system that are not accessible through standard APIs. For most civil matters, logical extraction provides sufficient coverage and is the least invasive option.
File system extraction provides access to a broader set of data, including some data that is not accessible through logical extraction. It accesses the device's file system directly, capturing application databases, system logs, and other data that may contain relevant evidence. File system extraction may recover recently deleted data that has not yet been overwritten. This method requires specialized forensic tools (Cellebrite, GrayKey, Magnet AXIOM) and is typically used when there are concerns about data destruction or when the case requires access to data that logical extraction cannot reach.
Physical extraction creates a bit-for-bit copy of the device's entire storage, including all allocated and unallocated space. This is the most comprehensive collection method and can recover deleted data, fragments of overwritten files, and data from areas of storage that are not accessible through logical or file system extraction. Physical extraction is primarily used in criminal cases, internal investigations involving suspected spoliation, and cases where the integrity of the device data is likely to be challenged. It is the most invasive method and may capture significant amounts of personal data that is outside the scope of discovery. Cloud backups offer an alternative collection path that avoids physical access to the device entirely. iCloud, Google, and platform-specific cloud services may contain historical snapshots of device data that can be collected through account-level access.
Step 3: Navigate BYOD Complications
BYOD devices present a unique set of legal and practical challenges that do not arise with company-owned devices. The fundamental tension is between the organization's discovery obligations — which may require access to business data on the device — and the employee's privacy rights in their personal data. Navigating this tension requires clear policies, transparent communication, and careful attention to proportionality.
Scope limitation is the primary tool for balancing discovery obligations with employee privacy. Rather than imaging the entire device, work with counsel to define the specific data types and date ranges that are relevant to the litigation. A targeted collection that extracts only text messages from a specific date range, or only WhatsApp conversations with specific contacts, is far less intrusive than a full device image and is more likely to survive a proportionality challenge. Courts have generally been receptive to scope limitations that are tailored to the specific claims and defenses at issue.
Privacy notices should be provided to employees before any collection from a BYOD device. The notice should explain what data will be collected, how it will be used, who will have access to it, and how personal data that is inadvertently collected will be handled. Employee cooperation is essential — unlike company-owned devices, you may not have the legal authority to compel an employee to surrender a personal device for collection. Building a cooperative relationship through transparency and respect for privacy concerns is more effective than confrontation.
The best long-term solution is to build discovery expectations into your BYOD policy before litigation arises. A well-drafted BYOD policy should address the organization's right to access business data on personal devices, the employee's obligation to preserve data in response to a litigation hold, the collection methods that may be used, and the protections that will be applied to personal data that is inadvertently collected. Employees who agree to these terms when they enroll in the BYOD program are far more likely to cooperate when a collection becomes necessary.
Step 4: Process and Produce Mobile Data
Processing and producing mobile data requires different approaches than traditional document production. The conversational, threaded nature of messaging data does not fit neatly into the document-by-document paradigm that most eDiscovery workflows are built around. Threading is the first challenge: a single SMS conversation may span months and include hundreds of messages. Producing each message as a separate document makes the conversation incomprehensible, while producing the entire thread as a single document may include non-relevant messages that should be excluded.
Media association is another challenge unique to mobile data. A text message that says "look at this" followed by a photo is meaningless without the photo. Similarly, a WhatsApp voice message, a shared location, or a forwarded contact card must be associated with the message that contained it. Your processing pipeline must maintain these associations and present media inline with the messages that reference them, or the produced data will be misleading and incomplete.
Contact resolution transforms phone numbers into human-readable names, making message threads comprehensible to reviewers and the court. Without contact resolution, a conversation appears as a series of exchanges between phone numbers, requiring the reviewer to manually cross-reference a contact list for every message. Emoji rendering may seem trivial, but emojis carry meaning in mobile communications and must be rendered correctly in the produced format. A thumbs-up emoji in response to a contract term may constitute acceptance; a production that strips or corrupts emojis loses that evidence. Timezone normalization ensures that message timestamps are consistent and accurate, particularly when custodians communicate across time zones or travel frequently.
The production format for mobile data should be negotiated in the ESI protocol at the beginning of the case. Common options include PDF exports of threaded conversations (which preserve the visual appearance of the messaging interface), load files with individual message records (which allow searching and filtering but lose conversational context), and HTML exports that render the conversation in a browser-friendly format. The GWA PLLC case demonstrated the importance of getting mobile data processing right: over 1 million documents were processed, including significant mobile data, and the client was found not guilty — a result that depended in part on the completeness and accuracy of the mobile data production.
How DecoverAI Handles Mobile Device Data
DecoverAI processes mobile device data through the same unified processing pipeline used for all other data types. Whether your data comes from an iPhone logical extraction, an Android file system dump, a WhatsApp export, or a cloud backup, it enters the same workflow and receives the same level of processing, indexing, and AI-powered analysis. There is no separate mobile module to license, no additional processing fee, and no limitation on the types of mobile data that can be ingested.
The platform's AI classification capabilities are particularly valuable for BYOD collections, where separating business from personal content is a critical requirement. DecoverAI's classifiers can distinguish between business communications and personal messages based on content, participants, and context, allowing review teams to focus on relevant business data without manually reviewing thousands of personal messages. This capability reduces both the review burden and the privacy concerns associated with BYOD collections.
DecoverAI's pricing model applies the same $60 per gigabyte rate to all data types, including mobile data. There is no premium for mobile processing, no per-device fee, and no surcharge for complex data types like WhatsApp or Signal. This transparent pricing makes it possible to include mobile data in discovery without the cost uncertainty that often leads legal teams to exclude mobile sources from their collection scope — a decision that can create significant risk if relevant evidence exists only on mobile devices.
The platform handles threading, media association, contact resolution, emoji rendering, and timezone normalization automatically during processing. Conversations are presented in threaded format with inline media, making them immediately comprehensible to reviewers without manual reconstruction. Production formatting options include PDF conversation exports, individual message load files, and HTML renderings, all of which can be configured to match the requirements negotiated in your ESI protocol.