According to a newly published open letter by SMEX – a leading digital rights organization in the region – AppCloud is far more than an annoying piece of bloatware. The app, originally developed by ironSource, an Israeli-founded company now owned by Unity, is reportedly deeply embedded, non-removable, and capable of collecting highly sensitive data without any meaningful user consent.
A wave of user complaints across West Asia and North Africa has ignited a wide-ranging debate around digital rights, device security, and corporate responsibility. At the center of this controversy is AppCloud, a pre-installed application found on Samsung’s popular A and M series smartphones one the company has never clearly disclosed, explained, or allowed users to remove.
For Samsung – a global leader in consumer electronics – this raises serious questions: Why was this software installed? Who controls the data? And why aren’t users given a choice?
Why It Matters – And Why the Region Is Paying Close Attention
The WANA region is no stranger to spyware scandals, aggressive surveillance campaigns, and geopolitical sensitivities around Israeli-founded technology companies. This is why the discovery of an unremovable app with opaque data practices has triggered such strong reactions.
The concerns outlined by SMEX are significant:
1. AppCloud cannot be removed without rooting the device
This action voids warranties and exposes users to new security risks, an unacceptable dilemma for everyday consumers seeking privacy.
2. The app appears to collect highly sensitive data
Including biometric data, IP addresses, and device fingerprints, with no clear privacy notice available.
3. No opt-out or transparency from Samsung
The company’s Terms of Service mention third-party apps, but do not name AppCloud or ironSource directly.
4. Legal and political implications in several countries
Some WANA countries – including Lebanon – legally restrict or ban the operation of Israeli-founded companies inside their borders.
In a region already targeted by sophisticated digital espionage operations, pre-installed opaque software represents not just an inconvenience, but a potential national security issue.
How the Issue Started
Samsung expanded its partnership with ironSource in 2022, enabling the company to pre-install AppCloud on millions of new devices. While Samsung markets these phones for affordability and accessibility, the lack of transparency around AppCloud’s presence is driving user distrust.
Users say the bloatware reappears even after being disabled, survives system updates, and provides zero clarity on what happens behind the scenes.
As SMEX states in its letter:
“Users deserve to know what is installed on their devices and how their data is being used.”
What SMEX Is Asking Samsung To Do
The open letter calls on Samsung to take immediate action:
- Disclose AppCloud’s full privacy policy and data practices.
- Provide a simple, safe method to remove or disable the app.
- Explain why the app is pre-installed in the WANA region.
- Reconsider future pre-installations in line with global privacy standards.
- Engage in a direct meeting with privacy groups to clarify intentions.
These requests are neither radical nor unreasonable – they reflect standard expectations of transparency and data protection that users worldwide increasingly demand.
The Cybersecurity Perspective: Why Security Teams Should Pay Attention
Even though this issue targets consumer devices, the implications spill heavily into the cybersecurity space. Pre-installed, unremovable software with access to device-level data can create fertile ground for exploitation, particularly in regions with heightened geopolitical tensions.
Security teams should treat such cases as supply-chain vulnerabilities – risks introduced not by users, but by manufacturers.
10 Recommended Actions for Cybersecurity Teams & Organizations
- Conduct regular mobile device audits to identify hidden or pre-installed apps.
- Enforce Mobile Device Management (MDM) policies to limit risky applications.
- Train users on privacy risks through certified cybersecurity awareness programs.
- Avoid mixing personal and professional data on devices with unremovable bloatware.
- Use managed enterprise devices whenever possible.
- Build a zero-trust strategy integrated with mobile governance.
- Treat unknown or opaque apps as potential supply-chain threats.
- Limit sensitive work conducted on non-hardened consumer devices.
- Apply regional compliance rules for data protection, especially in MEA markets.
- Continuously monitor vendor updates, advisory notes, and digital rights reports via platforms like Cybercory.
Regional Impact: Why WANA & MEA Users Care Deeply
Samsung enjoys dominant market share across GCC and African markets, especially with the A and M series. These are the devices used by:
- Government employees
- NGO workers
- Journalists
- Students
- Everyday professionals
In regions where cybersecurity maturity varies widely, a forced, unremovable app that collects unknown data is more than a privacy issue – it becomes a societal risk.
SMEX underscores this clearly:
“The forced installation of AppCloud undermines the privacy and security rights of users in the MENA region.”
Conclusion – Transparency Is the Only Path Forward
The open letter to Samsung represents a growing expectation among global users: privacy cannot be optional, and pre-installed software must be clearly disclosed, removable, and compliant with international laws.
The controversy around AppCloud is not merely about one app, it’s part of a broader conversation about digital rights, corporate accountability, and the cybersecurity risks hiding inside our devices.
Samsung now faces a critical choice:
Will it champion transparency, or continue to ignore a legitimate and growing public concern?
For millions of users across WANA, the answer cannot come soon enough.
