The Discovery That Has Privacy Advocates Alarmed

Samsung Galaxy users across West Asia and North Africa (WANA) have unknowingly been carrying a piece of Israeli surveillance technology in their pockets. AppCloud, a pre-installed application developed by Tel Aviv-based IronSource and now owned by Unity Technologies, has been quietly collecting personal data from millions of Samsung devices—and users cannot fully remove it.

Bottom Line: AppCloud represents a significant privacy breach affecting millions of Samsung Galaxy A and M series users, particularly in the MENA region, where the app harvests sensitive personal data without clear consent mechanisms or removal options.

What Is AppCloud and How Did It Get There?

AppCloud is embedded into Samsung M and A models of the Galaxy smartphone line in the WANA region, following an expanded partnership between Samsung MENA and IronSource in 2022. Unlike traditional applications that users choose to download, AppCloud is pre-installed without the explicit permission of the consumer during the purchase or phone set up.

The app serves as what IronSource calls a “recommendations layer”—suggesting games and applications to users. However, privacy researchers have uncovered a more troubling reality: AppCloud functions as a comprehensive data collection system that monitors user behavior, device information, and location data.

The Scope of the Problem

Geographic and Device Distribution

Field checks by reporters in Jordan, Egypt, Morocco, Syria, Lebanon, Iraq, and Türkiye found AppCloud present and non-removable on in-store demo units and user-purchased phones—especially Galaxy A and M series. Notably, the investigation did not find AppCloud on devices sold in the US or Europe during tests.

The targeting is strategic. Samsung’s Galaxy A and Galaxy M—targeting value-conscious buyers—are among the top-selling Android lines globally, with ~89 million A-series shipments and Samsung aiming to surpass 100 million units in 2025. This scale means potentially millions of users are affected.

How the App Spreads

AppCloud appears on devices through multiple vectors:

  • Pre-installation: Pre-installed on select models at purchase- System updates: May auto-install via system or security updates even if not present at purchase- Persistent notifications: Users report receiving constant prompts to “complete device setup” after Android updates

What Data Does AppCloud Collect?

The data collection is extensive and invasive. According to privacy policy analysis and technical investigations, AppCloud and its associated Aura platform collect:

  • Device fingerprints: Unique identifiers that can track devices across platforms- IP addresses: Enabling geographical location tracking- Location data: Real-time and historical location information- Usage patterns: Information about which apps users access and when- Biometric identifiers: In some configurations- Device information: Hardware specifications, operating system details, and network information

The app allows access to users’ data, including sensitive information such as IP addresses, device fingerprints, and personal details, enabling the identification and geographical location of the phone’s owner.

The Removal Problem: Why Users Can’t Delete AppCloud

Technical Integration

The bloatware cannot be uninstalled easily because it runs on the device’s operating system. Uninstalling it requires root access (the highest level of control in a computer system) of the phone to remove the AppCloud package.

Samsung has deliberately integrated AppCloud at the system level, making it virtually impossible for average users to remove:

  • No uninstall option: No standard “Uninstall” option on affected devices; at best, users can Disable- System-level integration: Labelled system/integrated to maintain an “out-of-box” experience- Persistent reinstallation: Updates can reinstall the package even after advanced users attempt removal

Limited Workarounds

Users have reported several partial solutions:

Basic Disabling: Settings → Apps → AppCloud → Disable. This reduces activity/visibility but does not delete the app and may revert after major updates

Advanced Removal (for technical users): Advanced users report removing it via ADB (Android Debug Bridge), but this is unsupported, may void support, and updates can reinstall the package

Hidden Terms of Service

One of the most troubling aspects of AppCloud is the opacity surrounding its privacy practices. Since AppCloud is unlisted online there is no copy of its privacy policy or terms of service available to the wider public.

AppCloud is basically buried in the backend of the phone making its terms of service inaccessible from the phone without a prompt. This makes it nearly impossible for users to understand what data is being collected or how it’s being used.

While the app’s privacy settings claim users can disable data collection by turning off “AppCloud” in the app list, deletion requires submitting a form that does not exist—effectively making it impossible to fully remove unless the user possesses advanced technical knowledge.

This creates a consent mechanism that privacy experts argue violates European GDPR standards, which require that consent must be a freely given, specific, informed and unambiguous affirmative act—and withdrawal must be as easy as giving it.

The IronSource Connection

Company Background

IronSource, headquartered in Tel Aviv, Israel, has a controversial history in the technology sector. IronSource is notorious for its questionable practices regarding user consent and data privacy.

The company has faced significant criticism:

  • Game developers for the Unity Engine were so concerned that they even submitted a collective ultimatum to Unity, ironSource’s parent company, citing its use as malicious adware- IronSource has been part of a class action lawsuit settlement alongside fellow adtech firms from Israel’s Download Valley for tracking and targeting children with predatory purchases in games

Unity Acquisition

In 2022, Unity Technologies acquired IronSource, but the Aura business (and leadership, including Tomer Bar-Zeev) continues, with Tel Aviv listed as a key hub and hiring location. This acquisition expanded the potential reach of IronSource’s data collection capabilities.

Regional Implications and Security Concerns

The implications for Samsung users in WANA are particularly severe. Not only does AppCloud silently harvest user data, but its ties to an Israeli firm raise serious legal and ethical questions in a region where Israeli companies are legally barred from operating in several countries.

Intelligence Concerns

The investigation situates AppCloud/Aura within a wider Israeli surveillance/export ecosystem, frequently linked to Unit 8200 veterans and Defence Ministry licensing. This connection has raised concerns about potential intelligence gathering capabilities.

The timing of these concerns became particularly acute following the September 2024 incident when Israel carried out attacks in Lebanon using compromised communication devices, highlighting the potential security risks of embedded foreign technology in consumer devices.

Samsung’s Response and Corporate Responsibility

Limited Transparency

Samsung cites general privacy commitments and third-party app policies, but no app-specific public statement addressing AppCloud’s permissions/collection. The company has not provided detailed explanations for why AppCloud cannot be removed or what specific data is being collected.

Samsung’s site clarifies that third-party apps may operate independently, with their own cookies, pixels, tracking, and separate privacy policies—and that Samsung isn’t responsible for third-party content or practices.

Partnership Justification

Samsung has defended the partnership as enhancing user experience, but critics argue this justification doesn’t address the fundamental privacy and consent issues. The partnership was publicly marketed as a way to “enhance user experience” with AI-powered apps and content suggestions.

Privacy Advocacy Response

SMEX Investigation and Open Letter

The Social Media Exchange (SMEX), a digital rights organization, has been at the forefront of investigating and documenting the AppCloud issue. SMEX has received numerous reports from users across West Asia and North Africa expressing alarm over AppCloud’s intrusive data collection practices.

SMEX issued an open letter to Samsung demanding:

  • Disclosure of the full privacy policy and data handling practices of AppCloud- A straightforward and effective method for users to opt out of AppCloud and remove it from their devices without compromising device functionality or warranty- A clear explanation for the decision to pre-install AppCloud on all A and M series devices in the WANA region

User Impact and Complaints

Consumer Frustration

User communities across Samsung forums and social media have expressed significant frustration with AppCloud. Common complaints include:

  • Persistent, unremovable notifications- Automatic app installations without clear consent- Inability to fully remove the application- Lack of clear privacy information- Apps reappearing after system updates

Users report that the app reappears after each system update, making it seem like a constant nuisance. Some users have gone so far as to say they will purchase no more Samsung products due to AppCloud’s intrusive behavior.

Technical Workarounds and Risks

While some users have found partial solutions, these often come with significant risks:

  • Voided warranties: Root access required for full removal voids device warranties- Security vulnerabilities: Modifying system-level apps can create security holes- Temporary effectiveness: Updates can reinstall the package even after removal attempts

Industry Context and Broader Implications

The Bloatware Problem

AppCloud represents a larger issue in the Android ecosystem where manufacturers pre-install third-party applications as part of revenue-sharing partnerships. These arrangements allow manufacturers to subsidize device costs or generate additional revenue streams by promoting partner apps.

However, AppCloud goes beyond typical bloatware by:

  • Collecting extensive personal data without clear consent- Being impossible to remove through standard methods- Operating with minimal transparency about its functions and data practices

Privacy Rights Violations

Privacy experts argue that AppCloud’s implementation violates several fundamental privacy principles:

  1. Informed Consent: Users are not adequately informed about data collection2. Purpose Limitation: The scope of data collection exceeds what’s necessary for app recommendations3. Data Minimization: The app collects more data than needed for its stated purpose4. User Control: Users cannot effectively opt out or remove the application

Moving Forward: Recommendations and Solutions

For Users

Immediate Steps:

  • Disable AppCloud in device settings (Settings > Apps > AppCloud > Disable)- Turn off notifications for the app- Regularly review app permissions after system updates- Consider using privacy-focused Android ROMs for advanced users

Long-term Considerations:

  • When purchasing new devices, research pre-installed applications- Support consumer advocacy organizations demanding transparency- Consider the privacy implications of device manufacturer partnerships

For Samsung

Privacy advocates and digital rights organizations are calling on Samsung to:

  1. Provide Full Transparency: Release comprehensive privacy policies for AppCloud2. Enable User Choice: Allow users to completely remove AppCloud without voiding warranties3. Respect Regional Laws: Ensure compliance with local privacy regulations and boycott laws4. Future Prevention: Commit to transparent disclosure of all pre-installed third-party applications

For Regulators

The AppCloud situation highlights the need for stronger regulations around:

  • Pre-installed Software Disclosure: Requirements for manufacturers to clearly disclose all third-party applications- Removal Rights: Legal requirements allowing users to remove any non-essential software- Data Collection Transparency: Mandatory clear disclosure of all data collection practices- Cross-border Data Flows: Stronger oversight of international data sharing arrangements

🎧 Related Podcast Episode

Conclusion

The AppCloud controversy represents more than a single app causing privacy concerns—it illustrates a systemic issue where consumer device manufacturers prioritize business partnerships over user privacy and choice. The implications for Samsung users in WANA are particularly severe, as AppCloud silently harvests user data while its ties to an Israeli firm raise serious legal and ethical questions in a region where Israeli companies are legally barred from operating in several countries.

As digital privacy becomes increasingly critical, the AppCloud case serves as a stark reminder that consumers must remain vigilant about the software embedded in their devices. For Samsung, this situation presents an opportunity to demonstrate genuine commitment to user privacy by providing transparency, user control, and respect for regional legal and ethical concerns.

The broader technology industry should take note: partnerships that compromise user privacy and choice, regardless of their revenue potential, ultimately damage consumer trust and corporate reputation. In an interconnected world where personal devices hold our most sensitive information, the principle of user control over their own data must remain paramount.

This investigation is based on reports from digital rights organizations, user testimonials, privacy policy analysis, and technical research conducted between 2022 and 2025. Samsung and Unity Technologies were contacted for comment but had not provided comprehensive responses addressing the specific privacy concerns outlined in this article at the time of publication.