Samsung under fire over unremovable AppCloud bloatware amid spyware allegations

Samsung, the South Korean electronics giant, is facing mounting global criticism after cybersecurity experts and digital rights organisations flagged its pre-installed app, AppCloud, as bloatware that is effectively “unremovable”. The controversy is tied not only to privacy concerns but also to the app’s links to an Israeli-founded firm with a history of spyware development.

Originally reported on devices in West Asia and North Africa, the presence of AppCloud has since been confirmed in Galaxy A, M, and F series phones in South Asia and Europe as well.

According to a February report by SMEX (formerly Social Media Exchange), a Beirut-based digital rights organisation, AppCloud is deeply integrated into the operating system and cannot be removed without root access — a process that can void warranties and compromise device security.

The app is developed by ironSource, an Israeli-founded company that has previously faced scrutiny for building invasive software. IronSource, now owned by US-based Unity Technologies, created InstallCore — a software bundler capable of circumventing user consent and antivirus programmes, and which was classified by several cybersecurity firms as a potentially unwanted programme (PUP).

SMEX accused Samsung of installing AppCloud by default without providing adequate transparency or user control. “Since AppCloud seems to be built into the system by Samsung, there is no way to purchase a new model without it,” said the SMEX report.

Despite multiple inquiries, Samsung has not issued a public response. In May, SMEX published an open letter to the company highlighting what it described as serious legal and ethical implications, especially in countries where Israeli-linked software faces legal barriers.

“Samsung’s terms of service mention third-party applications but do not specifically address AppCloud or ironSource, despite the significant data access and control granted to this bloatware app,” the letter stated.

The issue regained momentum in September 2025, when users across Europe and South Asia began sharing screenshots of AppCloud requesting permissions such as full network access, the ability to download files without user notification, and the ability to prevent devices from sleeping.

Cybersecurity experts argue these permissions are concerning. “These permissions show the building blocks of an always-on data pipeline,” said Ehraz Ahmed, a security researcher, in an interview with Middle East Eye (MEE). “While this doesn’t prove classic spyware, it blurs the line between aggressive ad-tech and surveillance.”

An anonymous editor of International Cyber Digest, a cybersecurity newsletter, told MEE that the most worrying aspect is the persistence of the app. “Even when disabled, AppCloud remains on the device, reappears after updates, and can covertly install additional software,” they said.

User frustration has mounted on social media, with one post by International Cyber Digest on X receiving over 7 million impressions. The post called AppCloud an “unremovable Israeli spyware found on Samsung devices”, sparking widespread concern and calls for transparency.

Critics note that while AppCloud markets itself as a recommendation service for apps during device setup, its unremovable nature and opaque data practices set it apart from conventional software.

AppCloud can technically be removed using Android Debug Bridge (ADB) commands, but this method is not accessible to average users and is not officially supported by Samsung.

The wider controversy has been amplified by ongoing scrutiny of Israeli companies linked to spyware and digital surveillance. In recent years, Israel has faced criticism over its use of spyware technology in both domestic and international contexts.

In September 2024, a high-profile incident saw boobytrapped communication devices linked to Israeli operatives explode in Lebanon, killing 39 and injuring thousands. The incident prompted widespread fear and concerns about hardware manipulation.

Similarly, investigations in 2021 revealed that Pegasus spyware, developed by Israeli firm NSO Group, was used to target journalists, politicians, and activists worldwide. The tool was reportedly deployed against Israeli citizens as well.

Further scrutiny followed when The Guardian reported in 2025 that Microsoft severed ties with Israel’s military intelligence unit Unit 8200, after allegations of mass surveillance of Palestinians using Microsoft’s Azure cloud platform.

In this context, the AppCloud case has reignited debate over digital privacy and the ethics of pre-installed software.

Some cybersecurity analysts argue that while AppCloud may not constitute nation-state spyware, its mandatory presence and opaque privacy policy make it unsuitable for inclusion on consumer devices without clear user consent.

“This is not simply about whether it’s spyware,” said Ahmed. “It’s about transparency, trust, and giving users control over what runs on their devices.”

Though Samsung has yet to comment, experts suggest the company may need to provide users with the option to disable or uninstall AppCloud completely, or risk further backlash.

Digital rights organisations are calling for regulatory intervention and urging governments to investigate the extent of data sharing and whether it violates consumer protection laws.

With countries reportedly considering restrictions on devices containing the app — though these claims remain unconfirmed — the pressure is growing on Samsung to respond decisively.