Samsung Galaxy smartphones, popular in the West Asia and North Africa (WANA) region, come with more than just useful apps they include hidden software that spies on users.
A recent open letter from digital rights group SMEX highlights AppCloud, a pre-installed bloatware app on A and M series devices.
This app collects personal data without permission and can’t be easily deleted, raising serious privacy alarms.
Users in countries like Lebanon and others in WANA have reported the app’s presence since Samsung’s 2022 partnership with ironSource, an Israeli-founded company now owned by U.S.-based Unity.
Sold through local carriers, these devices force AppCloud onto buyers with no opt-out option during setup.
SMEX calls it “invasive” spyware, embedded deep into Android’s system framework, making removal a nightmare for non-experts.
The Technical Intrusions Of AppCloud
AppCloud isn’t just extra storage it’s a data harvester integrated into the firmware.
Technically, it hooks into Android’s PackageManager and Accessibility Services, granting it permissions to access sensitive info without explicit user consent.
This includes biometric data from the device’s sensors, IP addresses for location tracking, and device fingerprints unique identifiers that combine hardware specs (e.g., CPU model, screen resolution) and software versions.
Once active, AppCloud runs background processes that monitor app usage, browsing habits, and even keystrokes via input method editors if permissions allow.
Data is funneled to IronSource servers, potentially for ad targeting or analytics. However, its opaque privacy policy reveals nothing about encryption standards or data retention.
No GDPR-compliant notices appear, violating EU data laws that extend influence in WANA via trade.
Even turning it off via Settings > Apps fails; system updates from Samsung’s Knox security platform reinstall it, as it’s allowed in the ROM (Read-Only Memory).
For tech-savvy users, uninstalling requires rooting the device gaining superuser access via tools like Magisk.
This involves unlocking the bootloader, flashing a custom recovery, and editing system partitions.
However, it voids the warranty and exposes the phone to malware by turning off verified boot.
In regions with anti-Israeli business laws, like Lebanon’s 1955 boycott statute, this setup adds legal risks, as ironSource’s origins tie into broader geopolitical tensions.
SMEX’s analysis, based on reverse-engineering affected devices, shows AppCloud evades detection by masquerading as a system update service.
It doesn’t request runtime permissions post-install, relying on manufacturer-granted privileges.
This mirrors supply-chain attacks in cybersecurity, in which trusted hardware is embedded with backdoors.
Calls For Accountability
The open letter, published May 5, 2025, demands that Samsung disclose AppCloud’s full data practices, enable safe removal, and halt future installations.
It cites Article 12 of the Universal Declaration of Human Rights on privacy and requests a meeting with Samsung executives.
With Samsung holding over 30% market share in MENA, the impact is enormous millions could be at risk of data breaches or targeted surveillance.
Experts warn that this erodes trust in Android’s security model, especially amid rising spyware threats such as Pegasus.
Users should check for AppCloud in app lists and avoid granting extra permissions.
However, true fixes require Samsung’s action as WANA users voice concerns on social media and pressure mounts for change.
 region, come with more than just useful apps they include hidden){kind=link}