{“lastseen”:”2025-11-20T22:05:07″,”description”:”A controversy over data-gathering software secretly installed on Samsung phones has erupted again after a new accusatory post appeared on X last week.\\n\\nIn the post on the social media site, cybersecurity newsletter International Cyber Digest warned about a secretive application called AppCloud that Samsung had allegedly put on its phones. The software was, it said,\\n\\n\\u003e \\”unremovable Israeli spyware.\\”\\n\\nThis all harks back to May, when digital rights group SMEX published an open letter to Samsung. It accused the company of installing AppCloud on its Galaxy A and M series devices, although stopped short of calling it spyware, opting for the slightly more diplomatic \\”bloatware\\”.\\n\\nThe application, apparently installed on phones in West Asia and North Africa, did more than just take up storage space, though.According to SMEX, it collected sensitive information, including biometric data and IP addresses.\\n\\nSMEX\u2019s analysis says the software, developed by Israeli company ironSource, is deeply integrated into the device\u2019s operating system. You need root access to remove it, and doing so voids the warranty.\\n\\nSamsung has partnered with ironSource since 2022, carrying the its Aura toolkit for telecoms companies and device maker in more than 30 markets, including Europe. The pair expanded the partnership in November 2022\u2014the same month that US company Unity Technologies (that makes the Unity game engine) completed its $4.4bn acquisition of ironSource. That expansion made ironSource \\n\\n\\u003e \\”Samsung\u2019s sole partner on newly released A-series and M-series mobile devices in over 50 markets across MENA – strengthening Aura\u2019s footprint in the region.\\”\\n\\nSMEX’s investigation of ironSource’s products points to software called Install Core. It cites our own research of this software, which is touted as an advertising technology platform, but can install other products without the user’s permission.\\n\\nAppCloud wasn’t listed on the Unity\/Ironsource website this February when SMEX wrote its in-depth analysis. It still isn’t. It also doesn\u2019t appear on the phone\u2019s home screen. It runs quietly in the background, meaning there\u2019s no privacy policy to read and no consent screen to click, says SMEX.\\n\\nScreenshots shared online suggest AppCloud can access network connections, download files at will, and prevent phones from sleeping. However, this does highlight one important aspect of this software: While you might not be able to start it from your home screen or easily remove it, you can disable it in your application list. Be warned, though; it has a habit of popping up again after system updates, say users.\\n\\n## Not Samsung’s first privacy controversy\\n\\nThis isn’t Samsung’s first controversy around user privacy. Back in 2015, it was criticized for warning users that some smart TVs could listen to conversations and share them with third parties.\\n\\nNeither is it the first time that budget phone users have had to endure pre-installed software that they might not have wanted. In 2020, we reported on malware that was pre-installed on budget phones made available via the US Lifeline program.\\n\\nIn fact, there have been many cases of pre-installed software on phones that are identifiable as either malware or potentially unwanted programs. In 2019, Maddie Stone, a security researcher for Google’s Project Zero, explained how this software makes its way onto phones before they reach the shelves. Sometimes, phone vendors will put malware onto their devices after being told that it’s legitimate software, she warned. This can result in botnets like Chamois, which was built on pre-installed malware purporting to be from an SDK.\\n\\nOne answer to this problem is to buy a higher-end phone, but you shouldn’t have to pay more to get basic privacy. Budget users should expect the same level of privacy as anyone else. We wrote a guide to removing bloatware\u2014 it’s from 2017, but the advice is still relevant. \\n\\n* * *\\n\\n**We don\u2019t just report on phone security\u2014we provide it**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.”,”published”:”2025-11-20T21:30:00″,”modified”:”2025-11-20T21:30:00″,”type”:”malwarebytes”,”title”:”Budget Samsung phones shipped with unremovable spyware, say researchers”,”source”:””,”references”:””,”id”:”MALWAREBYTES:91216603B1A1B77852302AA15C5D0B73″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/11\/budget-samsung-phones-shipped-with-unremovable-spyware-say-researchers”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-20T22:05:07″,”description”:”A controversy over data-gathering software secretly installed on Samsung phones has erupted again after a new accusatory post appeared on X last week.\\n\\nIn the post…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-27015","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n