Wherever you are from or whatever side of the conflict you are on, I think we can all agree that it’s never been easier to infer so much about a person from “semi-public” sources such as companies selling customer data and built-in apps that spy on their users and call home. It allows intelligence agencies to outsource intelligence gathering to the market, which is probably cheaper and a lot more convenient than traditional methods.
“Privacy is a human right” landed on deaf ears but hopefully politicians will soon realise that it’s a matter of national security too.
Yes, privacy is a question of civil defense in the drone age. But the existing crop of states will never acknowledge that; their structure and institutions presume precisely the kind of mass databases of PII that create this vulnerability, as well as institutional transparency for public accountability. This makes them structurally vulnerable to insurgencies that expropriate those databases for targeting. The existing states will continue to clutch at their fantasies of adequately secured taxpayer databases until their territorial control (itself an anachronism in the drone age; boots on the ground can no longer provide security against things like Operation Spiderweb) has been reduced to a few fortified clandestine facilities.
Things are going to be very unpredictable and, I suspect, extremely violent.
Here is how Pegasus seems:
- China has 1.5 billion people, lots of resources, would profit a lot economically if they found a way to hack iOS, etc. But yet couldn't hack it.
- Israel with its 7 million people, not only hacks iOS multiple times, but does it to spy on its allies.
Now I've seen the threads analysing Pegasus' complexity, I don't know if it's been reproduced, and if it has then I guess it logically proves me wrong (the tinfoil hatter in me still thinks it's right though).
Here is why:
Israel has a lot of silicon fabs or R&D centers, now it makes ZERO sense for the US to have fabs or R&D centers in Israel, since that country is (allegedly) always at the risk of being bombed for no reason at all (yeah right).
Intel has had fabs in Israel since the 80s, why not in Japan or France or the UK (France and the UK are close allies to the US and have no earthquakes or risk of being bombed), why not even Canada?
And I compared the dates of when Intel started putting the Intel Management Engine in all of their CPUs and the date of which they built their biggest fab in Israel, then I went down the rabbit hole of when AMD started using PSP (similar tech to Intel ME), and it coinciding with it buying a large pentesting startup in Israel, then starting to build its R&D centers there, Apple and Qualcomm have similar stories.
Obviously this is all tinfoil, and while the dates coincide it's obviously not enough.
But to each their own, and I choose to treat my tech as if it was all backdoored already, because for me the evidence (while not enough to be sure) is enough for how much I value my privacy.
What makes you think China can't hack iOS?
- the smaller country hacked ios, have to sell it to recoup r&d costs, got caught many times.
- the larger country hacked ios, don't need to sell it around, haven't been caught.
That you know of. Maybe they just don't indiscriminately sell the results to anybody who shows they have money. Or maybe they have different strategies for spying.
> - Israel with its 7 million people, not only hacks iOS multiple times,
NSO and friends find zero-days or buy them on the open market (not just from Israel). Citizen Lab has identified specific vulnerabilities used to install Pegasus. The exploits don't require or use CPU back doors.
... and you think Israel's smaller population somehow translates into better infiltrators than China has, but not better hackers than China has? Israel also makes better halva than China, by the way.
That kind of "logic" is what turns you into a loony raving on a street corner somewhere.
> but does it to spy on its allies.
Everybody spies on their allies, at least opportunistically. But Pegasus is a commercial product, sold to basically every government and mostly used to spy on normal people, not other governments. The people writing it have ties to Israeli spies, and I'm sure it's been used by Israeli spies, but it's general-purpose.
> Israel has a lot of silicon fabs
As far as I can tell, Israel has one facility capable of making remotely serious CPUs. It's owned by Intel. There are no phones using Intel processors.
The processors in iPhones are "Designed by Apple in Cupertino" and fabbed by TSMC in Taiwan. The processors in basically all other phones are ARM, and most of them also come from TSMC. Pegasus does not run on Intel processors, ever.
> And I compared the dates of when Intel started putting the Intel Management Engine in all of their CPUs and the date of which they built their biggest fab in Israel
So the fab somehow reached out into the rest of Intel and retroactively caused it to develop a heavily advertised feature?
We all like to imagine this super cool clandestine hacking operation using people's mobile phones to secretly track people who visit nuclear facilities back to their homes.
The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the government's org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.
If there are spies in foreign countries going around offering life-changing sums of money for USB sticks, which people are accepting
is it not also plausible that folks at google/samsung/apple/aws/cloudflare/microsoft are getting offered life-changing sums of money for leaving their work-from-home laptop unattended for 5 minutes?
In addition, saying that
> someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university
is an oversimplification on multiple levels:
1. Low-level employees typically don't have access to sensitive information.
2. With human intelligence, there is always a risk that the person you (e.g. Israel) are in touch with (e.g. an Iranian officer) who pretends to be a "double agent" (e.g. leaking info to Israel), is in fact a "triple agent" (e.g. actually working for Iran to mislead Israel).
3. You can send your kids to foreign universities but not your siblings, your parents, your wife's family, and so on... Some of your beloved ones are almost certain to suffer the consequences of your actions. High treason is no joke.
Check the weather today, get bombed tomorrow.
What's "just" a war crime amongst friends?
Anyone who runs a country, especially senior politicians, just shouldn't have a standard mobile.
It should be a built from the ground up phone by your own country's government services. Running GrapheneOS or something.
And you shouldn't have a second phone to have your affairs either.
We, the people, need to demand and force our politicians to work for us.
The gop is controlled by donors who are mostly free market liberals. Elon won’t let anyone “censor” (regulate) x. The democrats don’t care about national security historically, and it’s not currently an issue their cosmopolitan TikTok loving base cares anything, at all, about. “Security” is something that most democrats I talk to now associate with deportation or military spending, both of which they ferociously hate. Across parties, policy and discourse are reactive. Security requires a proactive orientation that it seems the public sector may structurally lack.
lol. lmao even.
this is the holy mary of security, politicians (US) will not give a damn as long as they’re not the ones being targeted and as long as the ad giants like google and co keep lining their pockets.
https://www.wired.com/story/minnesota-lawmaker-shootings-peo...
https://web.archive.org/web/20250506145643/https://smex.org/...
The article leaves out quite a lot about what AppCloud is, but it's essentially how Samsung monetizes their non-flagship device users and can do things like insert installation advertisements into the notification tray, and silently install apps.
Personally, if I found this on my device it'd be the final straw to grit my teeth and finally get a personal apple device.
Samsung’s A and M series smartphones are their cheapest models so their buyers probably cannot afford better phones. I don’t know of any other brands selling in the region with similarly priced models that have better privacy practices than Samsung either—they’re all the same at that price point I’m afraid.
If you don’t want bloatware (spyware), it’s either pixel or iPhone.
Their stock android is fine. If you want more privacy, installing e/OS/ is trivial. It blows my mind that anyone is concluding Samsung stuff is worth buying under any circumstances.
Sure, better than, say, Sony (and as an ex-Sony user I kind of know what I'm talking about), but far from calling it good.
And for US carriers, you are basically locked out of Wi-Fi calling if you are not using one of the whitelisted devices.
I just replaced my iPhone XS, not out of necessity, but I wanted to see what the new ones were like. The 16 is barely better and I was surprised to find just how little the old one was worth second hand, considering it still runs circles around most midrange Android handsets.
That's what I have been thinking recently -- given that Samsung is quietly doing these shady things with my phone, and other annoyances like Samsung forcing Galaxy AI on me (try selecting some texts in a browser or webview) which cannot be uninstalled and the terrible Samsung Pay interface, I am questioning my device choice every day.
I did. No Galaxy AI.
adb shell pm uninstall --user 0 com.package.name
This command is very powerful as it works for any app, even those that have "disable" greyed out in the settings. I disabled the Galaxy Store on my S9 this way for example.
> you can't completely remove it
Maybe my English isn’t very good but that sounds like the definition of unremovable.
Also, English is not my native language. I feel like I did get my point across anyway.
On my 2025 Motorola RAZR 5G, in /product/etc/nondisable are a series of XML files listing carrier and activation apps for Dish Wireless, Tracfone/Verizon Value, T-Mobile, the Amazon App Manager, and two apps provided for finance providers PayJoy (who lock and disable phones for financial product recovery) and one for Claro internally (that operates similar to Payjoy).
But then I haven't had any experience with carrier phones. We just don't do that where I live, all phones are sold unlocked for full price and all plans are prepaid.
I agree that it's not easy, but anyone sufficiently annoyed by these non-otherwise-removable apps who is able to follow instructions should be able to get it done without needing a computer or special knowledge or messing with the command line.
$ pm list packages
How does one know which are safe to disable? In the sense that there won't be unexpected side effects. Besides, not all the names make clear exactly what the package is for.
2. Plug phone in to computer using USBC cable.
3. Answer prompt on phone granting permission to computer.
4. Run adb commands.
It appears to be a similar case across the MENA region. While the SMEX post primarily focuses on WANA, it is possible to find other reports (e.g. [1]) from the MENA region that describe similar practices by Samsung. There, however, the stories talk about "Aura", rather than "AppCloud".
[1] https://www.moroccoworldnews.com/2025/06/212144/samsung-embe...
A.k.a. I tried to be as politically correct and cite the term used by the respective reporting. The main point I was trying to bring across was that apparently there are two apps involved, not only a single one.
[1] https://en.wikipedia.org/wiki/Middle_East_and_North_Africa
This AppCloud crap has also been pushed to devices in the Europe Open Market.
I also know that this shouldn't have been installed on enterprise devices (either Android Enterprise managed by MDM or E-FOTA managed - don't remember exactly). We had an awkward conversation with some Samsung representatives.
Yes the Unity 3D engine company wow.
https://www.pcgamer.com/unity-is-merging-with-a-company-who-...
unity was dying for lack of revenue
Stop parroting the corporate propaganda that put us into this stupid situation in the first place. Having root access on devices you own should be a fundamental right, as otherwise it's not ownership.
These restrictions extend outside the particular device. It must also be illegal as a commercial entity to enforce security schemes which involve remote attestation of the software stack on the client device such that service providers can refuse to service clients based on failing attestation. Service providers have other means of protecting themselves, taking away users' control of their own devices is a heavy handed and unnecessarily draconian approach which ultimately only benefits the ad company that happens to make the software stack since they also benefit from restricting what software users can run. Hypothetically, they might be interested in making it impossible to modify video players to skip ads.
1. Devices should be allowed to display a different logo at boot time depending on whether the software is manufacturer-approved or not. That way, if somebody sells you an used device with a flashed firmware that steals all your financial data, you have a way to know.
2. Going from approved to unapproved firmware should result in a full device wipe, Chromebook style. Possibly with a three-day cooldown. Those aren't too much of an obstacle for a true tinkerer who knows what they're doing, but they make it harder to social engineer people into installing a firmware of the attackers' choosing.
3. Users should have the ability to opt themselves into cryptographic protection, either on the original or modified firmware, for anti-theft reasons. Otherwise, devices become extremely attractive to steal.
Won't this also forbid virus scanners that quarantine files?
> This pertains to all programmable components on the device, including low-level hardware controllers.
I don't think it's reasonable to expect any manufacturer to uphold a warranty if making unlimited changes to the system is permitted.
The crazy thing is that on all the devices I've had AVB is implemented on top of secureboot. Being able to set your own secureboot keys is bog standard on corporate laptops. The entire situation makes absolutely no sense.
Also for the record I think it's a silly attack vector for the average person to worry about. A normal person does not have secret agents attempting to flash malicious images to his phone while he's in the shower.
Especially in Africa, where privacy and consumer rights are probably less relevant than the US/EU.
Well, then it's high time the laws of ownership in just about every country in the world were updated.
As it stands, if I buy something then I own it.
Similarly it is pretty messed up when people say stuff like “fire can burn you if you aren’t careful” because so many people rely on fire for food and warmth.
Cooking animal products at home poses a health risk. You should be sure to only ever consume animal products prepared by a duly licensed establishment.
The chauffeur's union would like to take this opportunity to remind you that amateurs operating their own motor vehicles risk serious injury and even death.
The FSD alliance would like to point out that hiring a licensed chauffeur also poses a non-negligible risk. Should you choose to make use of a personal vehicle it is strongly recommended that you select one certified by the FSD alliance. Failure to do so could potentially impact your health insurance premium.
For starters, in most places, warranty is a legal requirement and the manufacturer isn't allowed to void it for whatever reason they want. If my phone's battery starts getting really hot in normal use, or I start getting dead pixels on my screen or whatever else, the fact I have a custom OS on my phone isn't relevant to the warranty claim any more than having it in a case or putting some stickers on it. Yes, it'll make claiming it more difficult, but that doesn't mean it's void, just that you'll have to fight through a few more tiers of support agents to get it fixed.
More importantly, rooting is only a security risk in the sense that it increases the attack surface for exploits. The same can be said for any other system-level software. Like if you buy an Nvidia graphics card in your computer and that loads its kernel driver, malware now has one more place to exploit. Are Nvidia graphics cards a security risk?
We've come an incredibly long way from just dropping /xbin/su and calling it a day. Modern (as in the last 10 years) root solutions have caller checks based on a user-defined whitelist and really modern implementations use kernel-level checks to make sure the app wanting root access is allowed to get it. The only way this can be dangerous is if one of those apps or the root solution itself has a code execution exploit. But again, the same can be said for the plethora of system-level bloatware vendors install these days.
Making it easy to root phone makes it easy for scammers to ask people to unlock it.
It should not void warranty if you unlock the phone. But security concerns are real. Mobile banking apps refuse to run on rooted phones.
I would agree.
> Making it easy to root phone makes it easy for scammers to ask people to unlock it.
I would also agree, so then: don't make it easy.
> Mobile banking apps refuse to run on rooted phones.
... but they do run on my web browser. On a computer using open-source software without even secure boot enabled. So, it seems to me this is a cop-out by said banks. They shouldn't require client-side absolute trust to run, and evidently they actually, practically, today, do not require that. It's simply a choice they made, presumably out of laziness or greed.
Historically, computers have not granted you access to everything. Most home computers used to have ROM cartridges, which could not be modified, at least not by an average user. Also, when using unrestricted operating systems, such as MS-DOS, a simple virus could wipe all your hard work.
In our current time, devices are connected to other machines, and the problem of security and privacy has increased dramatically. Unfortunately, we still don't have operating systems that are secure enough to be used by untrained persons. It makes perfect sense to lock down these devices.
I basically see only two ways out:
1. Allow developers exclusive access to development systems, similar to how console development works.
2. Implement a secure operating system.
It will take an extreme amount of effort to do the latter, and it might even be impossible to gradually absorb the mess of interfaces that people and companies expect to work.
So that probably leaves us with the first option. Personally, I would love devices to be locked down more, so that the crazy threats from hackers will be less severe. But I would also love to keep developing software. Having to jump through some hoops is probably unavoidable. The situation could be compared to requiring a driver's license in order to safely drive on the shared infrastructure.
As much as I agree with your sentiment to have freedom, it still seems somewhat overly optimistic to expect this to work in our complex society.
Anything else and you lose freedom, and the whole ethos that enabled the advanced IT landscape of today.
Can be given control [by handset manufacturers] is an unfulfilled potential. And it will always be unfulfilled - because otherwise, users could protect themselves from manufacturers/providers foistware.
Given their reality, users root.
That doesn't give me any less power than root, but does give those apps less power and limits the potential impact if one gets compromised. I think when most people say the device owner should be able to get root, they mean that the owner, rather than the manufacturer or OS vendor should have the final say in all cases, not that it has to literally work just like root on Unix.
Having root access is not in the interest OR benefit of most regular users. Rooting your phone is a footgun for 99% of people who install random apps and will get hacked and have their life savings transferred or ransomed.
For them the article does the right thing. For everyone else, like you or me, we will not care what this article says anyway.
That's why what Samsung does is double bad. Not rooting phone is good hygiene if your phone respects you. But if it comes with malware then that's a stab in the back.
What about desktop OSes for the last 40/50 years?
Sure they aren’t the foam-padded locked down phone OSes, but isn’t this fear a case of leaving said padded room?
South Korea needs USA to protect it.
Consider everything from South Korea to be under the blessings of the NSA.
I own a $50 Android tablet just for the required certificates to run DUO for work and other than that just use a UMPC with a modem card and VOIP for everything.
And as much as I hate sending all the data to Google, their Translate app is indispensable for communicating in non-English speaking countries.
Google Maps's search/review works fine on the web, I'd imagine the experience is probably nicer on the web than mobile.
Qwen and gemma both run locally on Linux and are excellent for translation.
I don't see how any company can compete with this unless they somehow figure out how to make a vastly superior product.
As an aside, I recall getting a lot more ads when I used Samsung Keyboard.
Yeah, all Samsung software is a liability.
Don't even get me started on the Samsung smart TVs. Just horrible all-around.
Strangely enough, I cannot reproduce this now.
I'll see when it happens again, and if I can uninstall keyboard via adb. It's just a pre-installed app, after all.
Unless you have already used adb to disable or remove the app, the issue is guaranteed.
Go to Settings->Apps and find the app in the list. Click "Configure in AppCloud" and then click "Personal Data". A form shows up where you can request access to the data or request a deletion of the data.
I just requested access to my data, received an email confirmation where I had to click a link. I am curious to see what they will send me (if they will send me anything).
Not found on this Samsung phone.
---
I just received the data inside an email. It is just a HTML file with the headers "Data Privacy Report" and "Aura Up Privacy Report" but other than that it is empty. Obviously this is all just bullshit to pretend to comply with GDPR.
I was able to disable it but not remove it, unclear if it will re-enable itself. It had sent about 35mb of data since March 1st, and was enabled as a background service.
I'd gather you could go very far with the following list:
- Proved correct micro kernel
- Encrypted messaging by default
- Encrypted memory
- Encrypted messaging between processes.
- hardware switches for modems, peripherals and battery
We need to decouple phone hardware from phone software, as we did with computers.
As it's usually not viable to opt-out of those, the solution seems to be having a separate device.
I did not expect the thing I made games with as a teen to be involved in a global war.
So the question is who would we like to be exploited by?
We have new spyware coming from Israel, let's update the list:
- Pegasus
- Candiru
- QuaDream
- Cellebrite
- Paragon Solutions
- Nemesis
- AppCloud
I even refuse to buy QD-OLED monitors out of indignation that Samsung makes the panels. Maybe I'm alone but maybe one day we'll boycott lousy companies out of business.
Genuine question.
In my case I also wanted an SD card slot so it was slim slim pickings indeed. (And still there are some misfits who insist that there is no such thing as progress!)
Pixel phones get 7 years of OS and security updates. Do you consider Pixel phones to allow you to easily migrate to a new phone?
Disclosure: I work at Google, but not on Android or Pixel.
Has any smartphone maker succeeded in getting more than a few percent of market share, released more than 2 phones while being immune to that level of fiasco?
There have been other phones that had very occasional battery fires, but nothing on remotely the same level.
Möbius Sync and Synctrain are the options for Syncthing. Both work, neither are official (nor is the currently-maintained Syncthing fork for Android).
Unity the ones doing a game engine?
There's no need to present it as anything less than what it is, it is enough of a scandal already. Fear mongering using the words "Israeli Spyware" just undermines the very just point being made.
Would be funny if antisemitism led to good outcomes for once
And of course I don't keep anything valuable on the phone, do not login anywhere, do not install apps etc. It is an untrusted device because it does not run Linux.
2. Scroll down and tap Apps.
3. Look for AppCloud in the list of apps. If it’s not visible, tap the three-dot menu in the top-right corner and choose Show system apps to find it.
4. Once you’ve found AppCloud, tap it, and then tap Disable to stop it from running.
https://hackerdose.com/tips/remove-appcloud-from-samsung/#:~...
There are no innocent world superpowers.
I've recently learned that movie "7 years in Tibet" is full of lies, starting with the fact that the main character was hardcore Nazi follower in real life.
There are a lot of things that we don't know because media are not interested in enlightening people. They are interested in pushing the current agenda.
E.g. Tibet was a poor feudal state with slavery, but you won't easily find this information, because all you can find now if you search for it is: "China is bad, bad, and Tibet is very good, enlightened people, very warm and kind". It is not like that.
Capitalist technologies are the surveillance state incarnate. They must study people in order to manufacture consent.
Remember democracy is majority rule, when have you ever had true control over your political destiny? You KNOW the answer is never.
Democracy =/= trust.
Democracy = control.
Only countries with regular coalition governments can be classed as actual democracies.
Oh you like phones? Well our phone companies require us to directly or indirectly create proxy wars in this region in order to acquire the raw materials necessary.
This is the democracy of western nations: policy hidden behind capitalist interests that the people engage with through consumption.
It's democracy for the rich not for the millions of us.
That's why they NEED to manufacture consent, in order to get you on board with murder and fabricated poverty in order to have goods and services.
I guess you shouldn't find yourself against Western and/or Israeli interests then. It's time you learned to love Big Brother.