Samsung embeds IronSource spyware app on phones across WANA

Original Article ↗ Hacker News Discussion ↗

What AppCloud/Aura Does and Where It Appears

  • Commenters say AppCloud (a Samsung system app by ironSource/Unity) monetizes users by:
    • Pushing install ads via notifications.
    • Silently installing apps.
  • It’s reported on A and M series (budget) phones, but multiple people say it’s also on S‑series and European, North American, Australian devices.
  • Similar behavior is reported under the name “Aura” in other MENA countries.
  • Some see it as adware/bloatware; others argue the open letter is light on technical detail and leans on “Israeli spyware” framing.

Impact on Low‑End Users and OEM Incentives

  • Cheap Samsung devices are seen as subsidized by ad/spyware; “real costs are hidden.”
  • In WANA/MENA and India, low‑income users often have no better‑priced alternative with cleaner software; Chinese brands at that price are said to be similar or worse.
  • Some defend Samsung’s hardware value (SD card, long support, S‑Pen) while criticizing the software.

Alternatives: iPhone, Pixel, Other Android Vendors

  • Suggestions:
    • Used/refurbished iPhones as more private and long‑supported.
    • Pixels with custom ROMs (GrapheneOS, LineageOS), though Tensor SoC heat/perf and availability by region are criticized.
    • Fairphone + e/OS, Moto, Sony, Nothing, OnePlus, Zenfone.
  • Counterpoints:
    • iOS also has bloat and opaque carrier integrations; Apple’s privacy is called partly “marketing,” though others cite ATT and App Store rules as meaningful constraints.
    • Fairphone and custom ROMs get criticized for late patches, bugs, and degraded Play Integrity support.

Can Users Remove or Disable AppCloud?

  • Technically:
    • Can often be disabled via system settings or adb shell pm uninstall --user 0 …, but APK remains on read‑only system partition.
    • Some OEMs/carriers mark packages “nondisable” or cause them to reappear after updates.
  • Debate over calling it “unremovable”:
    • One side: if users can’t truly delete or easily disable it, it’s effectively unremovable.
    • Other side: if it can be disabled so no code runs, that’s “removed enough,” and it doesn’t really affect user storage.
  • Many note that 99% of users won’t touch ADB, terminals, or custom ROMs.

Root, Verified Boot, and Attestation

  • Strong thread arguing that lack of root on owned hardware is illegitimate; remote attestation + Play Integrity locks users out of banking/gov apps if they flash custom ROMs.
  • Others warn widespread root would massively expand malware/ransomware risk for non‑technical users and justify some lockdown.
  • Verified boot is defended as part of a “trusted computing base”; critics call it DRM that shifts power from owners to vendors.
  • Some propose legal regimes:
    • Mandate that general‑purpose devices must allow any OS.
    • Prohibit service providers from denying service based on device attestation.

Surveillance, National Security, and Geopolitics

  • Several comments connect embedded tracking/ads, data brokers, and mobile spyware to:
    • Targeting of Iranian nuclear scientists and officers.
    • Drone and precision strike capabilities.
    • The idea that privacy is now a national security issue, not just a civil‑rights concern.
  • Others argue “old‑school” human intelligence and state data leaks (e.g., sold gov databases) can explain targeting just as well.
  • There is extended back‑and‑forth on:
    • Israeli spyware vendors (Pegasus et al.), alleged CPU backdoors, and tinfoil vs. plausible threat models.
    • Whether Chinese, US, or other vendors are more/less trustworthy; some insist all big powers abuse telecom and cloud infrastructure.

Unity / ironSource / “Israeli Spyware” Framing

  • ironSource, long known as a “sleazy” game ad network/installer, was acquired by Unity for billions; this raises questions about:
    • Trustworthiness of Unity’s ad/analytics stack.
    • Whether Unity‑based games should be assumed to include invasive tracking.
  • Some object that branding this as “Israeli spyware” is sensationalist:
    • The behavior (adware, silent installs) is already bad enough.
    • Over‑the‑top “Pegasus‑like” insinuations may undermine legitimate criticism.

Wider Disillusionment: Smartphones, Capitalism, and Democracy

  • Multiple commenters express total distrust of consumer phones:
    • Some have moved to UMPCs with modems + VoIP, or feature phones.
    • Samsung smart TVs and keyboards are cited as additional tracking vectors (clipboard access, aggressive data collection).
  • Broader political critiques appear:
    • Phones and ad‑tech as instruments of corporate/state surveillance and “manufacturing consent.”
    • Claims that “voting with your wallet” is illusory when production and options are controlled by capital and geopolitics.
  • Overall mood: anger at Samsung, deep skepticism that any major platform (Samsung, Google, Apple, Chinese OEMs) truly serves user interests, and a sense that regulatory responses are far behind the threat.