Samsung Embeds IronSource Spyware App on Phones Across WANA
235the-anarchist1176/21/2025, 3:06:42 AM smex.org ↗
Comments (117)
userbinator · 3h ago
making it nearly impossible for regular users to uninstall it without root access, which voids warranties and poses security risks
Stop parroting the corporate propaganda that put us into this stupid situation in the first place. Having root access on devices you own should be a fundamental right, as otherwise it's not ownership.
ulrikrasmussen · 43m ago
We need regulation which defines that any hardware device capable of running software developed by a third party different from the hardware manufacturer qualifies as a general purpose computing device, and that any such device is disallowed to put cryptographic or other restrictions on what software the user wants to execute. This pertains to all programmable components on the device, including low-level hardware controllers.
These restrictions extend outside the particular device. It must also be illegal as a commercial entity to enforce security schemes which involve remote attestation of the software stack on the client device such that service providers can refuse to service clients based on failing attestation. Service providers have other means of protecting themselves, taking away users control of their own devices is a heavy handed and unnecessarily draconian approach which ultimately only benefits the ad company that happens to make the software stack since they also benefit from restricting what software users can run. Hypothetically, they might be interested in making it impossible to modify video players to skip ads.
akoboldfrying · 10m ago
> any such device is disallowed to put cryptographic or other restrictions on what software the user wants to execute
Won't this also forbid virus scanners that quarantine files?
> This pertains to all programmable components on the device, including low-level hardware controllers.
I don't think it's reasonable to expect any manufacturer to uphold a warranty if making unlimited changes to the system is permitted.
Incipient · 18m ago
I'm pretty sure the recent switch 2 "license to use the hardware" has entirely killed any notion that you actually own the hardware and are free to do anything with it.
Especially in Africa, where privacy and consumer rights are probably less relevant than the US/EU.
perching_aix · 3h ago
Didn't we backslide hard enough at this point that it is now architecturally ensured that there is a security downside to rooting? Prevents verified boot for example, since the attestation is tied to said corporations, and not you.
jrflowers · 2h ago
This is a good point. While there is nothing factually incorrect in the statement “rooting your phone can void your warranty and pose a security risk”, if you imagine factual statements are the same thing as value judgments it becomes very problematic.
Similarly it is pretty messed up when people say stuff like “fire can burn you if you aren’t careful” because so many people rely on fire for food and warmth.
bongodongobob · 2h ago
Do you want every phone on earth to be in a botnet? Do you really think the average person is informed enough to make good decisions security wise with technology? The average person says "hur hur im not good with tech computers hate me" even though personal computers have been around for 40 years and cellphones for 30.
I am all for right to repair and ownership and whatnot, but I really think you underestimate how little people care about basic security and the baseline aptitude with computers.
I'm not trying to be the jaded IT person, but if you've never worked in IT, you have no idea how helpless and clueless people really are with electronics. They could be a brilliant engineer but want to install The Shopping Plus App that will give them Great Super Deals And Savings!
Edit: I should clarify, this is a bad thing, but giving everyone easy root on their phones isn't the solution and would have far worse outcomes.
potamic · 2h ago
You can default to a hardened, secure setup but provide an option to override to those who want to. I don't think anyone is against secure defaults, but many people have a problem with designs that say you must not even have an option to override.
burnt-resistor · 1h ago
It creates a Hobson's choice of no tinkering and less malware, or tinkering and greater risks from malware. There should be a "maintenance mode", but the onus of responsibility for breakage should be on the user for system update compatibility without the user being held hostage. This is a false choice and ostensible customizability. If the manufacturer wants to add an "OS warranty void sticker" flag because things maybe broken from tweaking, that's cool, but leaving the user less secure as punishment is wrong.
sprinkly-dust · 38m ago
It is my experience that this is what Google does with their Pixel phones. It is really quite simple to unlock the bootloader and do whatever you want on a Google Pixel you own (i.e unlocked, no carrier). They even give you this really handy Android flash tool which uses WebUSB to fully restore your device when you mess up. Heck, custom ROMs like GrapheneOS and CalyxOS are even able to sign their own images and allow you to lock the bootloader with a non Google OS.
However, all this comes with the caveat that SafetyNet will flay you alive. The cat and mouse game with Magisk and other methods to maintain root undetected is moot when I've used apps these days that make a fuss when you have developer settings enabled. To be honest, that seems acceptable to me, I can do what I want with my device, software vendors like banks and the like have a say in how I choose to access their more convenient services. I can play nice with them if I want, even using a second phone perhaps, but I have a choice.
bongodongobob · 2h ago
Yeah, that's rooting your phone. It should be a little difficult. You can do it. And it's good that most people don't.
gyello · 2h ago
The problem is not that rooting is difficult, it's that in most cases now it permanently renders parts of the phone inoperable or makes it impossible to use contactless payments or any banking apps or content streaming apps etc.
These additional restrictions are not there for security despite what we are told.
WarOnPrivacy · 1h ago
> it's that in most cases now it permanently renders parts of the phone inoperable or makes it impossible to use contactless payments or any banking apps or content streaming apps etc.
I've had to cloak the rooted state from an app or two or they'd choose to withhold functionality. That was a couple of phones ago. I've not had trouble with banking, payments, etc since.
charcircuit · 3h ago
Root access is an outdated security concept from the previous century. Trying to mandate such a concept is parroting UNIX propaganda. Users can be given control of devices without them having a "root" account.
WarOnPrivacy · 2h ago
> Users can be given control of devices without them having a "root" account.
Can be given control [by handset manufacturers] is an unfulfilled potential. And it will always be unfulfilled - because otherwise, users could protect themselves from manufacturers/providers foistware.
Given their reality, users root.
mrusme · 2h ago
How?
burnt-resistor · 2h ago
By having a "maintenance mode" that can be entered and left.
peterbraden · 1h ago
Maintenance mode == root
burnt-resistor · 1h ago
You're projecting your meaning of it, not mine. Not if it can't be undone in a way other than reinstalling everything. A mode that allows changing things with a temporary reduction of security system-wide and restoring them later, but putting all of the upgrade and support liability on the user without sacrificing functionality. Think VMware ESXi. If tech support wants to not support it, that's fine, but payments and such should still work.
realusername · 1h ago
Well maybe in theory but in practice they don't. How do I restrict or inspect what the Play Store is doing on my device at the moment without root?
throwaway290 · 1h ago
Stop parroting orthodox agenda without thinking of what it means. If everyone had root access it would be heaven for ransomware/spyware/malware operators.
Having root access is not in the interest OR benefit of most regular users. Rooting your phone is a footgun for 99% of people who install random apps and will get hacked and have their life savings transferred or ransomed.
For them the article does the right thing. For everyone else, like you or me, we will not care what this article says anyway.
That's why what Samsung does is double bad. Noot rooting phone is good hygiene if your phone respects you. But if it comes with malware then thats a stab in the back.
callc · 1h ago
> Having root access is not in the interest OR benefit of most regular users.
What about desktop OSes for the last 40/50 years?
Sure they aren’t the foam-padded locked down phone OSes, but isn’t this fear a case of leaving said padded room?
throwaway290 · 1h ago
Computer usage and consequently threat landscape went through a crazy change from 40/50 years ago. Desktops are a minority of devices. If you take personal devices even more so. Most people in the world with a computer have just a pocket one. Especially in WANA countries discussed
If you talk to regular non IT savvy people many of them don't bother and correctly assume that at some point it will "get a virus" or something. And it is fine for them because almost no one uses desktop for critical stuff like payment or finance. But majority do use phones for that. They jumped from cash straight to phones and now it's a lucrative attack vector.
Edit to reply because throttled by downvotes: yea I'm in your boat, we live in a bubble. It's hard to believe. But now I'm using a payment system that literally has "get app" on its site and no other way to manage money or even sign up. No one cares apparently.
And I see how it happened. Many people have no personal desktop computers. Many payment providers don't trust desktop computers because an ordinary person's windows machine is a malware breeder.
So many people in the world depend on mobile security (especially underprivileged people). Anyone who wants them all to get fucked for own libertarian ideal of "hardware ownership" is basically a psychopath to me. Especially considering that he is literally free to root his device and not create a problem for others, and yet he does.
mumbisChungo · 1h ago
>almost no one uses desktop for critical stuff like payment or finance.
I'm not saying this is wrong (in fact I assume it is accurate), but relative to my life experience this is crazy to me.
abtinf · 3h ago
Corporate propaganda? How out of touch can you be?
Seriously, you never had to provide tech support to a parent, relative, or friend whose computer got totally fucked because they had root?
You missed the countless stories about how no matter complex it is to turn off the protections, people will be tricked or forced into it? You’ve really never seen it first hand?
You people don’t know or have forgotten what a god damn wasteland computers were 20 years ago.
And equating root to ownership is laughable on its face. By that standard, root is never ownership for most people — the moment their machine is compromised because they had root and couldn’t protect, they’ve lost ownership.
akdev1l · 2h ago
> Seriously, you never had to provide tech support to a parent, relative, or friend whose computer got totally fucked because they had root?
Literally 0 here, have you really?
Like I literally do not know anyone who is even using Linux to begin with but also people do have “root” in their Windows and MacOS systems. I do not see anyone destroying their computers at random.
Also to steal someone’s information you don’t need root access or any administrative access - if you already tricked the user into running your code then you can steal their passwords or whatever, all of that is user-level data.
WarOnPrivacy · 1h ago
> Seriously, you never had to provide tech support to a parent, relative, or friend whose computer got totally fraked because they had root?
I accept this metric. It means non-rooted devices are unsafe.
I'm career IT support. In the entire age of smartphones, 100% of the malware/crapware I've seen was on non-rooted devices - most of it pushed on users by manufacturers, carriers and OS devs.
user_7832 · 3m ago
> I'm career IT support. In the entire age of smartphones, 100% of the malware/crapware I've seen was on non-rooted devices - most of it pushed on users by manufacturers, carriers and OS devs.
To add on, almost all the money people I know who have lost to scams have been through non-rooted devices. Sending an OTP or making a bank transfer because "you're under police investigation" is cheerfully easy even without the user knowing what "root" is.
Also see: the recent phish on Krebs (on security). A malicious email and entering a password to a webpage does not need root access, for better or worse. In fact, a rooted device might block your bank app, actually making money transfer scams tougher, ironically.
ulrikrasmussen · 1h ago
I cannot fathom how you can hold this position. It is such an authoritarian view to willingly give up control to let some higher power protect you, at the expense of having absolutely no way out of that higher power suddenly starts acting against your interests. Sure, when people are in control of their own lives they sometimes fuck up and get hurt, but that is absolutely not an excuse to take away their freedoms.
phito · 1h ago
... What? You make no sense. Just let users that know what they are doing root their device while normies stay in userland.
StanislavPetrov · 2h ago
>You people don’t know or have forgotten what a god damn wasteland computers were 20 years ago.
Computers were utopia 20 years ago as compared to today - especially when it comes to privacy, security and user-control.
burnt-resistor · 1h ago
20 years ago (2003-2006), Welchia, Blaster, Code Red... Windows boxes that weren't patched were infected within about 35 ± 5 seconds when connected to lightly-filtered Internet when it was still a capitalized proper noun. Ask me how I know and used JScript and psexec to mass remote into LAN machines to try to stop some of the madness and downtime.
throwanem · 2h ago
Spoken like someone who knew no one other than fellow practitioners in the field. My God, the 2000s were the Wild West in every kind of way - were you even there to see it? I note you do not say that you were.
burnt-resistor · 1h ago
That's fine if they weren't. Probably not cool to attack them personally though.
userbinator · 3h ago
There's something called "education", and by that I do not mean the propaganda that passes as such these days. Clearly you've drunk the Goog-Aid.
boramalper · 3h ago
I suspect a strong link between mass surveillance (by corporations for advertising or by states for intelligence purposes) and the very recent targeting of the senior Iranian nuclear scientist and military officers at their homes in Iran.
Wherever you are from or whatever side of the conflict you are on, I think we can all agree that it’s never been easier to infer so much about a person from “semi-public” sources such as companies selling customer data and built-in apps that spy on their users and call home. It allows intelligence agencies to outsource intelligence gathering to the market, which is probably cheaper and a lot more convenient than traditional methods.
“Privacy is a human right” landed on deaf ears but hopefully politicians will soon realise that it’s a matter of national security too.
FilosofumRex · 2h ago
Almost all of Iran's cell network system was originally installed by S. Korean firms. They've changed some to Chinese brands, but apparently the compromised S. Korean brands are still around.
Digital28 · 1h ago
Changing from SK to CN is a trade from intentional vulnerability to unintentional vulnerability. I’ve yet to see a secure piece of software come out of China in my 30+ years of coding.
mike_d · 2h ago
> I suspect a strong link between mass surveillance [...] and the very recent targeting of the senior Iranian nuclear scientist and military officers at their homes in Iran.
We all like to imagine this super cool clandestine hacking operation using peoples mobile phones to secretly track people who visit nuclear facilities back to their homes.
The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.
htowi3j4324234 · 1h ago
If a state actor is after you, cookie and GAIA-id tracking should be the least of your concerns.
aussieguy1234 · 3h ago
Weather apps are one of the worst offenders here. Almost all share your location info with data brokers if you give them location access.
Check the weather today, get bombed tomorrow.
bongodongobob · 2h ago
Politicians are just the sales and marketing department for multinational corporations and defense contractors. They will never care.
grishka · 3h ago
The "unremovable" part is inaccurate. While you can't completely remove it because it resides on the system partition, you most probably can still disable it with an adb command:
adb shell pm uninstall --user 0 com.package.name
This command is very powerful as it works for any app, even those that have "disable" greyed out in the settings. I disabled the Galaxy Store on my S9 this way for example.
hysan · 3h ago
> "unremovable"
> you can't completely remove it
Maybe my English isn’t very good but that sounds like the definition of unremovable.
grishka · 2h ago
To be pedantic, yes, but not in a way that matters. The system partition is read-only. Mounting it read-write would require root and any modifications would break system updates. The apk will still be physically present in the file system, however, none of its code will run and it will be removed from your launcher and installed app list in settings, which IMO still counts as a removal.
Also, English is not my native language. I feel like I did get my point across anyway.
hmcq6 · 1h ago
It's not being pedantic. Disabling the application does not give me the storage space back.
If people are paying for upgrades to storage space it's completely reasonable for them to be annoyed by bloatware
grishka · 1h ago
The system partition is usually the same size regardless of which storage option of the same phone model you get.
bracketfocus · 1h ago
But if the system partition could be smaller, other partitions could be larger.
grishka · 59m ago
The system partition is made some fixed size, the same way disk partitioning works on PCs, and never resized, because resizing file systems is still a non-trivial task. It often has some free space too to accommodate future system updates.
On my 128 GB Pixel 9 Pro, /data is 109 GB. The rest is /system (although `df -h` doesn't show it explicitly, no idea what's up with that) and various other system-related partitions.
sedatk · 2h ago
There’s an enormous difference between “it can’t be stopped” and “its storage area can’t be reclaimed” though.
a012 · 3h ago
Your English is perfect. The GP is a fool to try down play it and proved themselves wrong in the same sentence
charcircuit · 3h ago
It's in a read only filesystem. You can't modify read only data, but you can choose to ignore it.
scalableUnicon · 2h ago
I had a Samsung phone and did the same with mine. Wrote a small tutorial here(https://harigovind.org/notes/removing-samsung-android-bloatw...). But even then, these apps will pop right back after system updates and those were becoming more frequent. I got rid of it shortly after, nowadays I use Moto where bloatwares are comparatively minimal.
AzzyHN · 3h ago
Yes, but for most people (I'd guess 99% or more), they would never know to use the above, and I'm those who did find a guide might have issues using adb on their likely Windows or MacOS machine.
ehnto · 1h ago
Don't even need that, you can disable it within the OS app settings.
awaisraad · 3h ago
Do you know if the same apps remain installed in "Secure Folder" as well?
The article leaves out quite a lot about what AppCloud is, but it's essentially how Samsung monetizes their non-flagship device users and can do things like insert installation advertisements into the notification tray, and silently install apps.
Personally, if I found this on my device it'd be the final straw to grit my teeth and finally get a personal apple device.
andrewflnr · 3h ago
Or just don't get Samsung? I guess I don't know for sure that my phone brand doesn't do anything similar, but it at least hasn't hit the news yet.
boramalper · 3h ago
> AppCloud—pre-installed on Samsung’s A and M series smartphones.
Samsung’s A and M series smartphones are their cheapest models so their buyers probably cannot afford better phones. I don’t know of any other brands selling in the region with similarly priced models that have better privacy practices than Samsung either—they’re all the same at that price point I’m afraid.
anonymars · 3h ago
In my case I wanted a damn SD card slot. And more than 2 years of security updates.
lmm · 26m ago
Sony still sells flagship phones with an SD slot. I wish my Xperia was cheaper but other than that I'm very happy with it.
pomian · 1h ago
Motorola. Plus it still has an audio port.
imp0cat · 1h ago
Ano now you see why Samsung is able to provide all that at an attractive price. The real costs are hidden.
more-nitor · 46m ago
hmm have you actually read the article? did you find anything of "substance" other than hand-wavy "this company is from israel, so must be mosad" or "has notorious for its questionable practices" (without even giving actual examples or incidents)?
I mean, if I was the mosad guy planting a deal with samsung, I wouldn't even name the app "AppCloud"
heck, why would you even make it appear to the user?
this is a classic competitor-bashing article -- no substance, only hand-wavy "this guys bad!"
I'm guessing this can be traced to others like xiami/huawei/etc who definitely want to get samsung's slice of the market there
hedora · 3h ago
Looking around, you can get an A series or unlocked iPhone 13 new from a prepaid mvno for $0.
A refurbished iPhone 13 is $300 on amazon, which is close to the cheapest M ($250). I can’t find new 13’s for sale except via budget carriers.
(Sent from my 12 mini which is better than all that followed it: $200-ish for excellent condition, refurbished.)
boramalper · 2h ago
> A refurbished iPhone 13 is $300 on amazon
Is this Amazon US? Because even in Ireland, iPhone 16 costs 41% higher than in the US (979 EUR = 1,128 USD in Ireland vs 799 USD in the US).
bigyabai · 3h ago
You're better off getting a preowned Pixel to flash with a secure ROM in this scenario. Getting an iPhone won't help if you if later down the line Apple decides to push an OTA update that forces the same functionality. A Pixel won't protect you from every vulnerability, but it goes much further towards stopping these sorts of attacks than the iPhone does.
Now hey, I won't suggest that Apple would stoop as low as Samsung has here. But discerning customers might not want Tim Apple's phone if he's been cozying up to a crusty politician that can remember to stay for dinner but can't recall his name.
aucisson_masque · 1h ago
All Android phone but pixel ones have bloatware preinstalled. Some are worst, like Xiaomi.
If you don’t want bloatware (spyware), it’s either pixel or iPhone.
burnt-resistor · 1h ago
The trick is to define "bloatware". Is that known knowns (stuff that's visible), known unknowns (stuff that's added that's not visible), and/or unknown unknowns (stuff added we are pretty sure is there but can't prove)? Apple adds all kinds of carrier-specific crap on every phone, but it's not readily discoverable. Android mfgrs must also because of carrier contracts and country-specific regulatory approval requirements. There's likely little means of escaping this without a BYOD non-Android, non-overseas, non-Apple phone that may or may not exist. Surely there is an obvious, viable alternative somewhere I'm missing that I hope exists.
akersten · 3h ago
In my experience, Samsung is a label that means "stay far, far away." From the Galaxy Note fiasco to my microwave to my dishwasher to ... Probably at least three other products before I learned my lesson.
I even refuse to buy QD-OLED monitors out of indignation that Samsung makes the panels. Maybe I'm alone but maybe one day we'll boycott lousy companies out of business.
anonymars · 3h ago
In favor of what? The Android ecosystem is pretty lousy. Which manufacturers allow you to easily migrate to a new phone (Samsung has Smart Switch) and have, let's say, 4+ years of security updates?
Genuine question.
In my case I also wanted an SD card slot so it was slim slim pickings indeed. (And still there are some misfits who insist that there is no such thing as progress!)
tock · 2h ago
I love the phones Nothing makes. And they are offering five years of Android updates and seven years of security upgrades on their upcoming Nothing phone 3.
ryukoposting · 2h ago
LG back in the day. I miss my V20. What a weird, but wonderful phone.
blacksmith_tb · 3h ago
I have a Samsung clothes washer and a drier, they've been solid (but they aren't net-enabled... luckily).
Gigachad · 3h ago
Samsung phones have been filled with preinstalled spyware since the beginning. Outside of fairly unusable Linux phones, Apple seems to be the only one taking privacy seriously.
compootr · 3h ago
manufacturers aside, grapheneos and lineage work well because of Google's work on their phones
sitzkrieg · 1h ago
apple privacy is marketing but ok
int_19h · 1h ago
If it's mostly marketing, why was Facebook so up in arms about forced opt-in for tracking in iOS?
makeitdouble · 3h ago
> Galaxy Note fiasco
Has any smartphone maker succeeded in getting more than a few percent of market share, released more that 2 phones while being immune to that level of fiasco ?
No comments yet
the-anarchist · 3h ago
As this post is trending quicker and more than I would have expected it to, I would like to add to this story:
It appears to be a similar case across the MENA region. While the SMEX post primarily focuses on WANA, it is possible to find other reports (e.g. [1]) from the MENA region that describe similar practices by Samsung. There, however, the stories talk about "Aura", rather than "AppCloud".
Same same. SMEX is based in Lebanon — (S)WANA is an obnoxious term that’s going around for MENA.
Mistletoe · 3h ago
We don't know what any of these acronyms mean!
hmcq6 · 1h ago
MENA - Middle East & North Africa
WANA - West Asia & North Africa
SMEX - "a non-profit that advocates for and advances human rights in digital spaces across West Asia and North Africa." (from their website)
more-nitor · 32m ago
"non-profit" doesn't mean "this guys are morally right and only conveys truths"
it just means that they don't pay taxes
bapak · 1h ago
"Arab countries"
eddythompson80 · 3h ago
What is the difference between WANA and MENA. Sounds like the same territory
the-anarchist · 3h ago
Yes, but, no. It's one of these things where multiple terms mean the same thing but then again come from different times/areas and, upon closer inspection, mean different things. But they're the same. But not really. [1]
A.k.a. I tried to be as politically correct and cite the term used by the respective reporting. The main point I was trying to bring across was that apparently there are two apps involved, not only a single one.
Ah, I see. Trying to find a way to include Pakistani, Afghanistan, Somalia i.e non-Arab or Persian Muslim states in the vicinity.
ehnto · 1h ago
Was installed on my device bought in Australia as well.
anshumankmr · 32m ago
I observed this when I purchased a Samsung phone in 2022. My phone cost 35K INR. Even I found it alarming, apart from having bs apps pre-loaded. Switched to an iPhone a year or so later. Never looked back.
thenthenthen · 2h ago
AppCloud, developed by the controversial Israeli-founded company ironSource (now owned by the American company Unity)
Yes the Unity 3D engine company wow.
willtemperley · 1h ago
So Unity can now be considered malware by association.
more-nitor · 28m ago
lol the article simply doesn't have 0.000001 ounce of substance
"this company is from israel (so must be mosad)" or "has notorious for its questionable practices" (without even giving actual examples or incidents)?
I mean, if you're the mosad guy making a deal with samsung, why would you even make it appear to the user?
this is a classic competitor-bashing article -- no substance, only hand-wavy "this guys bad!"
"non-profit" doesn't make "smex" the morally-right side of the game. it just means they don't pay taxes and receive donations...
maybe it's time to trace where those donation money comes from?
smells like competitors (xiaomi, huawei) who wants to take a cut from samsung?
0rzech · 1h ago
Same thing in Europe and North America. AppCloud is present on Samsung devices. Sometimes from the get go, sometimes after system update, sometimes after security update (the irony of that!). Carrier-locked or not, it doesn't matter. Sometimes it's visible only after switching the "Show system applications" toggle on application list in device settings. There are many people reporting that their Galaxy S series phones have it too. This AppCloud stuff is absolutely outrageous!
ehnto · 1h ago
Samsung Phone on Australia, it was present on my device also. So not just West Asia and Africa.
I was able to disable it but not remove it, unclear if it will re-enable itself. It had sent about 35mb of data since March 1st, and was enabled as a background service.
b0a04gl · 2h ago
we're past the point of blaming carriers or oems individually. the entire supply chain is complicit. you want clean firmware? you either flash it yourself or buy from the handful of vendors that haven't sold out yet. that’s where we are
ArtTimeInvestor · 1h ago
I sometimes think that "track record" is the main value of Google and Apple. They have been around for decades, and except in their own interest to collect data for themselves, I am not aware of any blatant privacy violations of these companies. And one can hope that in their own interest, they keep it that way. That's not great, but it's better than the other companies.
I don't see how any company can compete with this unless they somehow figure out how to make a vastly superior product.
bapak · 1h ago
What's your definition of "collect data for themselves?" Because both do, albeit in substantially different amounts.
mightyrabbit99 · 1h ago
The only phone brands that I am aware of which sells phones that are able to be rooted are Samsung and Xiaomi. I'm also in need of a phone that has an SD card slot so I don't see myself switching to any other brand.
Abishek_Muthian · 1h ago
Even in India the entry level Samsung phones are subsidised by bloatwares, Unfortunately there’s not many options for an entry level phone with regular updates.
So the question is who would we like to be exploited by?
bdavbdav · 6m ago
Is this where we discover we’ve got another Pegasus preloaded.
ggm · 3h ago
Would sufficient people change purchase decisions in ways which they could recognise this as a root cause?
nguyenkien · 25m ago
There not much of choice if you don't have money.
hd4 · 1m ago
it's now a case of choosing between who you least care about spying on you - think I'll choose a Chinese phone next time, at least they're not currently engaged in genociding children
theyinwhy · 1h ago
Should we expect to have trojans in every unity game now?
OutOfHere · 3h ago
Samsung currently has an unremovable spyware app on North American phones that pastes (records) everything copied to the clipboard by any app. It is the Samsung Keyboard app. It cannot be removed. It doesn't matter if you're using any other keyboard app. Samsung Keyboard pastes (records) everything that gets copied to the clipboard by any app. The Samsung Keyboard app cannot even be disabled from Android.
As an aside, I recall getting a lot more ads when I used Samsung Keyboard.
noisy_boy · 2h ago
Sometimes I will see a small random "copied" floating notification (not in the notification tray) and I always wondered where it came from. Maybe they have put in some code to suppress it but due to some bug, it leaks out. No proof but I can only hypothize.
bapak · 1h ago
Every day it feels like regulators need to increase enforcement by an order of magnitude. For every fine they dish out, 10 more abuses go unnoticed.
gmerc · 3h ago
If anyone needed another reason to stay the fuck away from Unity
sneak · 4h ago
Buying a device that only runs OEN Android is ridiculous for this exact reason.
We need to decouple phone hardware from phone software, as we did with computers.
bilkow · 3h ago
We do, but I don't see it happening anytime soon. Many banking / government apps and even some games use the Play Integrity API, which AFAIK is starting to require remote attestation for newer devices.
As it's usually not viable to opt-out of those, the solution seems to be having a separate device.
ingohelpinger · 3h ago
we need a satslink now!
Atlas667 · 2h ago
THEY WILL TARGET YOU too if you ever find yourself against western and/or Israeli interests.
Capitalist technologies are the surveillance state incarnate. They must study people in order to manufacture consent.
Remember democracy is majority rule, when have you ever had true control over your political destiny? You KNOW the answer is never.
Democracy =/= trust.
Democracy = control.
winnie112 · 4h ago
New information.
TiredOfLife · 1h ago
"Otherwise please use the original title, unless it is misleading or linkbait; don't editorialize."
TZubiri · 1h ago
"AppCloud is developed by ironSource, an Israel-founded company (now acquired by American company Unity)"
I did not expect the thing I made games with as a teen to be involved in a global war.
Stop parroting the corporate propaganda that put us into this stupid situation in the first place. Having root access on devices you own should be a fundamental right, as otherwise it's not ownership.
These restrictions extend outside the particular device. It must also be illegal as a commercial entity to enforce security schemes which involve remote attestation of the software stack on the client device such that service providers can refuse to service clients based on failing attestation. Service providers have other means of protecting themselves, taking away users control of their own devices is a heavy handed and unnecessarily draconian approach which ultimately only benefits the ad company that happens to make the software stack since they also benefit from restricting what software users can run. Hypothetically, they might be interested in making it impossible to modify video players to skip ads.
Won't this also forbid virus scanners that quarantine files?
> This pertains to all programmable components on the device, including low-level hardware controllers.
I don't think it's reasonable to expect any manufacturer to uphold a warranty if making unlimited changes to the system is permitted.
Especially in Africa, where privacy and consumer rights are probably less relevant than the US/EU.
Similarly it is pretty messed up when people say stuff like “fire can burn you if you aren’t careful” because so many people rely on fire for food and warmth.
I am all for right to repair and ownership and whatnot, but I really think you underestimate how little people care about basic security and the baseline aptitude with computers.
I'm not trying to be the jaded IT person, but if you've never worked in IT, you have no idea how helpless and clueless people really are with electronics. They could be a brilliant engineer but want to install The Shopping Plus App that will give them Great Super Deals And Savings!
Edit: I should clarify, this is a bad thing, but giving everyone easy root on their phones isn't the solution and would have far worse outcomes.
However, all this comes with the caveat that SafetyNet will flay you alive. The cat and mouse game with Magisk and other methods to maintain root undetected is moot when I've used apps these days that make a fuss when you have developer settings enabled. To be honest, that seems acceptable to me, I can do what I want with my device, software vendors like banks and the like have a say in how I choose to access their more convenient services. I can play nice with them if I want, even using a second phone perhaps, but I have a choice.
These additional restrictions are not there for security despite what we are told.
I've had to cloak the rooted state from an app or two or they'd choose to withhold functionality. That was a couple of phones ago. I've not had trouble with banking, payments, etc since.
Can be given control [by handset manufacturers] is an unfulfilled potential. And it will always be unfulfilled - because otherwise, users could protect themselves from manufacturers/providers foistware.
Given their reality, users root.
Having root access is not in the interest OR benefit of most regular users. Rooting your phone is a footgun for 99% of people who install random apps and will get hacked and have their life savings transferred or ransomed.
For them the article does the right thing. For everyone else, like you or me, we will not care what this article says anyway.
That's why what Samsung does is double bad. Noot rooting phone is good hygiene if your phone respects you. But if it comes with malware then thats a stab in the back.
What about desktop OSes for the last 40/50 years?
Sure they aren’t the foam-padded locked down phone OSes, but isn’t this fear a case of leaving said padded room?
If you talk to regular non IT savvy people many of them don't bother and correctly assume that at some point it will "get a virus" or something. And it is fine for them because almost no one uses desktop for critical stuff like payment or finance. But majority do use phones for that. They jumped from cash straight to phones and now it's a lucrative attack vector.
Edit to reply because throttled by downvotes: yea I'm in your boat, we live in a bubble. It's hard to believe. But now I'm using a payment system that literally has "get app" on its site and no other way to manage money or even sign up. No one cares apparently.
And I see how it happened. Many people have no personal desktop computers. Many payment providers don't trust desktop computers because an ordinary person's windows machine is a malware breeder.
So many people in the world depend on mobile security (especially underprivileged people). Anyone who wants them all to get fucked for own libertarian ideal of "hardware ownership" is basically a psychopath to me. Especially considering that he is literally free to root his device and not create a problem for others, and yet he does.
I'm not saying this is wrong (in fact I assume it is accurate), but relative to my life experience this is crazy to me.
Seriously, you never had to provide tech support to a parent, relative, or friend whose computer got totally fucked because they had root?
You missed the countless stories about how no matter complex it is to turn off the protections, people will be tricked or forced into it? You’ve really never seen it first hand?
You people don’t know or have forgotten what a god damn wasteland computers were 20 years ago.
And equating root to ownership is laughable on its face. By that standard, root is never ownership for most people — the moment their machine is compromised because they had root and couldn’t protect, they’ve lost ownership.
Literally 0 here, have you really?
Like I literally do not know anyone who is even using Linux to begin with but also people do have “root” in their Windows and MacOS systems. I do not see anyone destroying their computers at random.
Also to steal someone’s information you don’t need root access or any administrative access - if you already tricked the user into running your code then you can steal their passwords or whatever, all of that is user-level data.
I accept this metric. It means non-rooted devices are unsafe.
I'm career IT support. In the entire age of smartphones, 100% of the malware/crapware I've seen was on non-rooted devices - most of it pushed on users by manufacturers, carriers and OS devs.
To add on, almost all the money people I know who have lost to scams have been through non-rooted devices. Sending an OTP or making a bank transfer because "you're under police investigation" is cheerfully easy even without the user knowing what "root" is.
Also see: the recent phish on Krebs (on security). A malicious email and entering a password to a webpage does not need root access, for better or worse. In fact, a rooted device might block your bank app, actually making money transfer scams tougher, ironically.
Computers were utopia 20 years ago as compared to today - especially when it comes to privacy, security and user-control.
Wherever you are from or whatever side of the conflict you are on, I think we can all agree that it’s never been easier to infer so much about a person from “semi-public” sources such as companies selling customer data and built-in apps that spy on their users and call home. It allows intelligence agencies to outsource intelligence gathering to the market, which is probably cheaper and a lot more convenient than traditional methods.
“Privacy is a human right” landed on deaf ears but hopefully politicians will soon realise that it’s a matter of national security too.
We all like to imagine this super cool clandestine hacking operation using peoples mobile phones to secretly track people who visit nuclear facilities back to their homes.
The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.
Check the weather today, get bombed tomorrow.
> you can't completely remove it
Maybe my English isn’t very good but that sounds like the definition of unremovable.
Also, English is not my native language. I feel like I did get my point across anyway.
If people are paying for upgrades to storage space it's completely reasonable for them to be annoyed by bloatware
On my 128 GB Pixel 9 Pro, /data is 109 GB. The rest is /system (although `df -h` doesn't show it explicitly, no idea what's up with that) and various other system-related partitions.
https://web.archive.org/web/20250506145643/https://smex.org/...
The article leaves out quite a lot about what AppCloud is, but it's essentially how Samsung monetizes their non-flagship device users and can do things like insert installation advertisements into the notification tray, and silently install apps.
Personally, if I found this on my device it'd be the final straw to grit my teeth and finally get a personal apple device.
Samsung’s A and M series smartphones are their cheapest models so their buyers probably cannot afford better phones. I don’t know of any other brands selling in the region with similarly priced models that have better privacy practices than Samsung either—they’re all the same at that price point I’m afraid.
I mean, if I was the mosad guy planting a deal with samsung, I wouldn't even name the app "AppCloud"
heck, why would you even make it appear to the user?
this is a classic competitor-bashing article -- no substance, only hand-wavy "this guys bad!"
I'm guessing this can be traced to others like xiami/huawei/etc who definitely want to get samsung's slice of the market there
A refurbished iPhone 13 is $300 on amazon, which is close to the cheapest M ($250). I can’t find new 13’s for sale except via budget carriers.
(Sent from my 12 mini which is better than all that followed it: $200-ish for excellent condition, refurbished.)
Is this Amazon US? Because even in Ireland, iPhone 16 costs 41% higher than in the US (979 EUR = 1,128 USD in Ireland vs 799 USD in the US).
Now hey, I won't suggest that Apple would stoop as low as Samsung has here. But discerning customers might not want Tim Apple's phone if he's been cozying up to a crusty politician that can remember to stay for dinner but can't recall his name.
If you don’t want bloatware (spyware), it’s either pixel or iPhone.
I even refuse to buy QD-OLED monitors out of indignation that Samsung makes the panels. Maybe I'm alone but maybe one day we'll boycott lousy companies out of business.
Genuine question.
In my case I also wanted an SD card slot so it was slim slim pickings indeed. (And still there are some misfits who insist that there is no such thing as progress!)
Has any smartphone maker succeeded in getting more than a few percent of market share, released more that 2 phones while being immune to that level of fiasco ?
No comments yet
It appears to be a similar case across the MENA region. While the SMEX post primarily focuses on WANA, it is possible to find other reports (e.g. [1]) from the MENA region that describe similar practices by Samsung. There, however, the stories talk about "Aura", rather than "AppCloud".
[1] https://www.moroccoworldnews.com/2025/06/212144/samsung-embe...
WANA - West Asia & North Africa
SMEX - "a non-profit that advocates for and advances human rights in digital spaces across West Asia and North Africa." (from their website)
it just means that they don't pay taxes
A.k.a. I tried to be as politically correct and cite the term used by the respective reporting. The main point I was trying to bring across was that apparently there are two apps involved, not only a single one.
[1] https://en.wikipedia.org/wiki/Middle_East_and_North_Africa
Yes the Unity 3D engine company wow.
"this company is from israel (so must be mosad)" or "has notorious for its questionable practices" (without even giving actual examples or incidents)?
I mean, if you're the mosad guy making a deal with samsung, why would you even make it appear to the user?
this is a classic competitor-bashing article -- no substance, only hand-wavy "this guys bad!"
"non-profit" doesn't make "smex" the morally-right side of the game. it just means they don't pay taxes and receive donations...
maybe it's time to trace where those donation money comes from? smells like competitors (xiaomi, huawei) who wants to take a cut from samsung?
I was able to disable it but not remove it, unclear if it will re-enable itself. It had sent about 35mb of data since March 1st, and was enabled as a background service.
I don't see how any company can compete with this unless they somehow figure out how to make a vastly superior product.
So the question is who would we like to be exploited by?
As an aside, I recall getting a lot more ads when I used Samsung Keyboard.
We need to decouple phone hardware from phone software, as we did with computers.
As it's usually not viable to opt-out of those, the solution seems to be having a separate device.
Capitalist technologies are the surveillance state incarnate. They must study people in order to manufacture consent.
Remember democracy is majority rule, when have you ever had true control over your political destiny? You KNOW the answer is never.
Democracy =/= trust.
Democracy = control.
I did not expect the thing I made games with as a teen to be involved in a global war.