EXPOSED: Samsung phones embedded with ‘unremovable’ Israeli spyware

Social Media Exchange (SMEX), a nonprofit digital human rights organisation focusing on the West Asia/North Africa (WANA) region, has warned people living in these regions that an effective spyware app developed by an Israeli firm is quietly embedded in Samsung smartphones across the region and poses a serious surveillance threat.

Samsung phones: embedded with Israeli spyware

SMEX has written publicly to Samsung complaining that its A and M series mid-range handsets either come with the ‘Aura’ app already installed or installs it automatically through system updates without user consent – and demanding it end the practice. This ‘bloatware’ application, according to SMEX:

collects sensitive personal data, cannot be removed without compromising device security, and offers no clear information about its privacy practices.

SMEX warns that this data can easily be misused to identify users, particularly if location tracking is enabled on any apps installed via Aura, creating a serious security threat in a region – even more so in a region where Israel has repeatedly used technology either to spy on users or to target them for assassination.

The app’s privacy settings claim that users can disable this data collection by turning off “AppCloud” in the app list. But, according to SMEX, deletion requires the user to submit a form that does not exist, making it impossible to fully remove, at least without advanced technical expertise.

Collecting biometric info, IP addresses, and fingerprints without consent

​​Since 2022, Samsung in the region has partnered with Israeli tech company ironSource to integrate the software into phones across the region, supposedly to “enhance user experience”. In its letter to Samsung, SMEX describes the firm as “notorious” and the software as “impossible” to remove:

According to our analysis, this intrusive software is unremovable, deeply integrated into the devices’ operating system, making it nearly impossible for regular users to uninstall it without root access, which voids warranties and poses security risks. Even disabling the bloatware is not effective as it can reappear after system updates.

The privacy policy is opaque, there is no accessible and transparent privacy policy for this bloatware and users are in the dark about what data is collected and how it is used. There is also no straightforward opt-out mechanism. The bloatware collects sensitive user data, including biometric information, IP addresses, device fingerprints.

The installation of AppCloud is done without any consent from the user, which violates GDPR provisions in the EU and relevant data protection laws in the WANA region states.

AppCloud is developed by ironSource, an Israel-founded company (now acquired by American company Unity), raising additional legal and ethical concerns in countries where Israeli companies are barred from operating, such as Lebanon. ironSource is notorious for its questionable practices regarding user consent and data privacy.

The scandal is reminiscent of the ‘Pegasus’ spyware scandal involving Israeli hacks into the ‘WhatsApp’ messaging programme, reportedly spying on human rights activists, senior government and UN officials, including in Europe, and allegedly used in the murder of Saudi journalist Jamal Khashoggi.

Feature image via the Canary.