A comprehensive investigation by digital rights organisations has exposed that certain mid-range smartphones from Samsung—specifically the Galaxy A and M series devices—are pre-installed with a software component called AppCloud, developed by the Israeli-founded company ironSource (now under Unity Technologies). The startling claim: this software is deeply integrated into the operating system and cannot be removed by ordinary users via conventional settings.
Key Findings
- AppCloud is reported to come pre-installed or pushed via system updates on Galaxy A/M models sold in the West Asia and North Africa (WANA) region.
- Users attempting removal find the “Uninstall” option disabled; at best only “Disable” is available—and the app may re-appear after system updates.
- The component operates at a system level, making full removal theoretically possible only with rooting or through ADB (Android Debug Bridge) tricks—both risky for average users.
- AppCloud is associated with data‐harvesting capability: device identifiers, IP addresses, behavioural patterns and other sensitive identifiers may be collected, while transparency regarding its privacy policy or consent mechanism is reportedly lacking.
Corporate, Technical & Regulatory Implications
From a technical and governance perspective the situation raises multiple red flags:
- As a system-embedded component, removal is not feasible without advanced user skills; typical device users cannot control or remove the software.
- The involvement of an Israeli-founded ad-tech company (ironSource) deepens regulatory risks in markets where Israeli companies are restricted or where data-protection laws require explicit consent and uninstall ability.
- Pre-installation on budget-segment devices (Galaxy A/M) amplifies risk of mass exposure, especially among users less familiar with device security controls.
- The lack of visible or accessible privacy disclosures around AppCloud undermines consumer rights and may conflict with region-specific data-protection regulations.
Impact on Consumers
For end users in affected regions including Pakistan, the implications are significant:
- A device that appears standard may carry a pre-embedded, non-removable component with elevated privileges.
- Ordinary users cannot easily uninstall the component via Settings → Apps. The only available action may be to disable it—and even then the process may not fully stop its operations or may revert after updates.
- Advanced removal (rooting, ADB) carries warranty voiding, risk of device instability, and exposure to security issues—not practical for most users.
- Because the app collects or could collect identifiers and usage data, the risk of profiling or unintended tracking increases, especially when transparency and control are weak.
What Affected Users Should Consider
Given the constraints, users of Samsung Galaxy A/M series phones should take proactive—but realistic—steps:
- Go to Settings → Apps → Show system apps and search for “AppCloud” or similar pre-installed components.
- If found, disable the app and revoke permissions (e.g., background data access, system-settings modifications) where possible.
- After major system updates, re-check the apps list: there are documented cases of re-appearance or re-activation of the component.
- For heightened control: monitor network traffic and app behaviour using third-party monitoring tools (bearing in mind that technical expertise is required).
- When purchasing new devices, evaluate whether the manufacturer allows full removal of pre-installed software or offers a “clean” OS option.
The investigation reveals that a large‐scale smartphone deployment (Samsung Galaxy A/M series) in key regions may include a deeply embedded software module (AppCloud) from an ad-tech/Israeli-founded firm, which users cannot easily uninstall and which may harvest significant personal device data. For consumers, regulators and manufacturers alike, the matter poses urgent questions around informed consent, data-sovereignty, device transparency and user autonomy.
