- cross-posted to:
- privacy@lemmy.dbzer0.com
- cross-posted to:
- privacy@lemmy.dbzer0.com
If you own a Samsung A or M series phone and live in the Middle East or North Africa, you are likely being monitored, with data collected through your device by the South Korean tech giant on behalf of “Israel.”
This follows revelations that Samsung allowed the installation of a covert application developed by an Israeli company, IronSource, which harvests personal data, posing significant risks, especially if you are a potential target of Israeli surveillance.
The latest disclosure comes in the wake of the pager explosion in Lebanon, and now, attention has turned to Samsung phones, used by millions of Arab consumers, which have been found to contain Israeli software that leaks sensitive information.
Samsung entered into an agreement with IronSource, an Israeli firm, to pre-install this hidden app on Samsung phones sold exclusively in the Arab world (the MENA region), without the knowledge of the device owners.
This controversial partnership raises serious concerns about possible espionage or cyberattacks, with experts warning that the software could compromise the security of these devices.
The spyware could allow future attacks targeting communication networks or disrupt critical infrastructure in the region.
Adding to the alarm, tech specialists have highlighted that the Israeli app is particularly difficult to remove; once deleted, it reinstalls itself automatically, making it nearly impossible for users to protect their privacy.
This marks the fourth revelation of Israeli espionage tactics being used against Lebanese and Arabs, following the discovery of bombs in Pager devices, the infiltration of Walkie-Talkie communication systems used by Hezbollah, and the jamming of aviation navigation systems and GPS devices.
Spyware Deal The Lebanese digital rights platform, Social Media Exchange (SMEX), which advocates for human rights in digital spaces across West Asia and North Africa, was the first to reveal that Samsung had signed a partnership agreement with the Israeli company IronSource back in 2022.
The deal allows IronSource to pre-install its AppCloud application on Samsung’s A and M series phones before they reach consumers.
On October 29, 2024, SMEX disclosed that the South Korean tech giant, Samsung, and the Israeli firm IronSource had agreed to load this app onto phones sold in the Middle East and Africa, including Lebanon.
The app, according to SMEX, provides access to personal information from the phone’s owner, as well as other sensitive data.
The AppCloud application, in turn, installs another program called Aura, which secretly downloads additional software without the user’s knowledge, particularly affecting devices distributed in Lebanon and across the Arab region.
The app in question allows access to users’ data, including sensitive information such as IP addresses, device fingerprints, and personal details, enabling the identification and geographical location of the phone’s owner — potentially facilitating surveillance or even targeting for assassination.
This could also help explain the mystery behind Israeli ability to easily track and target Hezbollah figures across Lebanon, Syria, and other regions, even after the dismantling of explosive pager devices.
It underscores the urgent need for the Middle East to develop independent communication systems.
495590693.webp (1200×630) A report by SMEX highlights the alarming reality that the Israeli app can be installed on Samsung phones without the owner’s knowledge, with removal proving nearly impossible due to the complex technical hurdles involved.
Even those who manage to disable the app find it reappears automatically, confirming its nature as high-tech spyware.
The app in question, AppCloud, which has been surreptitiously embedded in Samsung devices for over a year, was first flagged by a user in an August 2023 post on the company’s support forum, titled “How can I remove AppCloud?”
Spyware installation raises concerns that the app has been silently present in phones long before Operation al-Aqsa Flood and the ongoing war.
Data Harvesting or Assassination? The Israeli war on Lebanon has brought renewed focus on the issue of espionage and electronic interference, with the bombing of pager devices used by thousands of Lebanese citizens, marking yet another chapter in the ongoing conflict.
This raises critical questions: Is the installation of spyware on Samsung devices aimed at collecting data, or is it a more sinister effort, akin to the Pager incident, to facilitate targeted killings?
Abed Kataya, media program director at the Lebanese digital rights platform SMEX, confirmed that “the Israeli application is often pre-installed on [Samsung] devices,” before purchase, and updates occur without the user’s consent.
Kataya explained that this practice extends to over 50 markets in the Middle East and North Africa, indicating that the data harvesting operation is not limited to Lebanon alone.
The AppCloud app installs another program called Aura, which prompts users to download additional apps, all of which contribute to collecting personal data, including device information and biometric identifiers like fingerprints.
Data harvesting makes it easier to track and identify the device’s owner.
Perhaps most concerning, says Kataya, is that the app’s activities cannot be stopped or any permissions it requests are denied.
While AppCloud claims to uphold privacy policies by allowing users to opt out of data collection, in practice, trying to delete it from the device reveals an impossible-to-find form that must be completed.
Deleting the app, according to Kataya, requires technical expertise well beyond the average user’s capacity.
1734517000.webp (770×513) Kataya explained that users can access their device settings, navigate to the Apps section, search for the AppCloud app, and press the disable button.
However, they may still be unable to completely remove the app from the device, even after disabling it.
The app may seem disabled on the surface but continues to run covertly in the background.
Kataya argues that Samsung’s partnership with the Israeli company IronSource—a deal restricted to regions marked by geopolitical tensions and instability—suggests the South Korean giant may have knowingly or unknowingly facilitated Israeli espionage against Arabs.
The exposure of this spyware raises critical questions about how “Israel” could exploit the collaboration between Samsung and IronSource to carry out cyberattacks, or perhaps, these attacks have already occurred—similar to the Pager incident—in what are known as supply chain attacks.
These attacks typically involve infiltrating trusted systems, such as widely used devices and software, to gather intelligence or implant surveillance tools.
As reported by Al-Estiklal, the Israeli military has consistently sought technological advantages, preparing for future conflicts in Lebanon and the wider region through proactive cyber and technological advancements.
The partnership with IronSource allowed “Israel” to collect valuable intelligence on Lebanese citizens long before the current conflict erupted, including gaining access to communication devices used by Hezbollah operatives.
The Israeli use of the AppCloud app to target Samsung’s A and M series phones—models marketed primarily to middle and lower-income populations—was likely strategic.
Their lower price point made these devices more accessible, thus facilitating the spread of spyware and widening the scope of data collection.
Could “Israel” resort to detonating devices that have been infected with malicious software, especially given that these phones are connected to the internet, unlike the pagers and walkie-talkies?
A tech expert ruled out the possibility of “Israel” resorting to a mass detonation of mobile phones carrying this app or similar software in the Arab region.
The expert cited economic concerns, noting the potential fallout on international trade should such an action occur, as well as Israeli commercial ties with global companies, including its American allies.
He argues that if “Israel” were to somehow detonate Samsung, Huawei, or iPhone devices, it would trigger a global trade crisis that could destabilize the smartphone industry, one that neither the United States, China, nor South Korea could afford to tolerate.
There are other intelligence-related reasons as well: the purpose of implanting spyware and surveillance programs is to gather information, and detonating the phones would deprive the Israeli Occupation of a crucial communication tool, one that allows it to infiltrate and eavesdrop on its targets.
Companies supporting Israeli Occupation The infiltration of Israeli spyware into global tech products raises troubling questions about how and why multinational companies continue to allow their devices and technologies to be manipulated in ways that may harm their economic interests.
The truth is that many of these companies, most of them American or heavily aligned with the U.S., are complicit in supporting the Israeli occupation, often out of economic considerations or due to pressure from powerful pro- “Israel” lobbies.
These firms, some argue, cooperate with “Israel” to benefit from its advancements in programming and technology, or because they fear the influence of global Israeli networks.
According to foreign reports, Israeli cyber operations infiltrate global tech companies—sometimes through employees who leak sensitive data or through direct collaborations with firms that support “Tel Aviv.”
One prominent case involved a protest in 2021 by 300 Google employees and 90 Amazon workers who signed an internal letter demanding their companies withdraw from Project Nimbus, a controversial deal to supply the Israeli Occupation Forces with dangerous technology used to target Palestinians.
Rather than halting the project, these workers faced retaliation and were fired, as The Intercept reported in November 2023.
The $1.2 billion Nimbus deal, which provides cloud services to the Israeli military and government, has been a point of contention among tech workers and human rights advocates alike.
The most recent incident occurred in April 2024, when 28 Google employees were dismissed after staging a protest against the project, further fueled by revelations that the technology was being used in war crimes committed in Gaza.
This marks a growing trend where tech giants, rather than reevaluating their complicity, continue to back the Israeli military-industrial complex, despite rising moral and legal concerns.
1319699190.jpg (1600×1066) A report by Time magazine on April 12, 2024, revealed an internal document confirming that Google provides cloud computing services to the Israeli Ministry of Defense, deepening its partnership despite the ongoing genocide in Gaza.
“The Israeli Ministry of Defense, according to the document, has its own “landing zone” into Google Cloud—a secure entry point to Google-provided computing infrastructure, which would allow the ministry to store and process data, and access AI services,” as reported by Time.
The contract shows that Google invoices “the Israeli Ministry of Defense over $1 million for the consulting service.”
On April 5, 2024, The Intercept reported protests against Google for supplying technology to the Israeli military to carry out “robotic crimes” — namely, the killing of Gaza’s civilians.
Protesters lay down on the ground wrapped in white sheets with a modified Google logo reading “Genocide,” demanding an end to the company’s collaboration with the Israeli government.
According to The Intercept, the Israeli military used Google’s programs for facial recognition to track Palestinians attempting to flee airstrikes or search for food to feed their families.
“Many of those arrested or imprisoned, often with little or no evidence, later said they had been brutally interrogated or tortured,” as reported by The Intercept.
An Israeli official told The New York Times that Google’s facial recognition worked better than any alternative technology, helping “Israel” compile a “hit list” of Hamas fighters.
Furthermore, Google Maps and Waze were used by the Israeli military to disable live traffic updates in the occupied Palestinian territories ahead of the Israeli ground invasion of Gaza, according to Bloomberg.
In addition, an investigative report by +972 magazine highlighted that “Israel” uses artificial intelligence to target and kill Palestinians.
Interviews with six Israeli military intelligence officers revealed that AI programs in Unit 8200 — responsible for cyber security and espionage — have been used to target and assassinate Palestinians.
Since the war began in Gaza, two AI-driven programs have been developed for this purpose.
One, “Lavender,” helped prepare a “kill list” of nearly 37,000 Palestinians for targeting without confirming their identities.
The other additional automated system, “Where’s Daddy?”, scanned Gaza’s population using big data, identifying names, identities, and addresses, leading to the mass extermination of Palestinian families.
Additionally, on April 11, 2023, Citizen Lab, a Canadian research organization, revealed a new Israeli spyware program similar to the notorious Pegasus.
The software, bought by governments including Saudi Arabia, the UAE, and Morocco, was used to target journalists and political opponents across multiple countries.
The program, developed by an Israeli company called Quadream Ltd — founded by a former Israeli military officer and ex-NSO Group employees — has already been linked to espionage activities.
Citizen Lab identified the victims “include journalists, political opposition figures, and an NGO worker,” confirming its widespread use in surveillance.
You must log in or register to comment.
This should make any Arab think twice about buying anything Samsung ever again in the future.
I’m sure Samsung isn’t the only one doing this shady shit, but now that we know…
I have a secondary phone which I bought in the United Arab Emirates (UAE) in 2018. It has a “TRA ID” and “TA” under “United Arab Emirates” section in the About Phone. Will this Aura spyware affect me?
The spyware was reported in 2022 according to the article by a person asking how to delete the spyware confusing it for bloatware. It’s extremely hard to tell if it was present before the initial post on the forum, or not. Though, it’s important to keep in mind that your phone, even if it doesn’t have aura / appcloud spyware, is still spyware until a fully free phone is developed.
is still spyware until a fully free phone is developed.
So the only option I have is to flash it with an open source custom rom? Interestingly, I can’t seem to flash custom roms on this phone. It can’t seem to pass after a few steps. Could the UAE origin be the reason? And, by the way, what is TRA ID and TA?
To begin with, yes, you could flash it with a custom rom and that’d get rid of os based spyware. Not being able to flash custom rom on a phone is not about the country you get it from, but the phone itself.
TRA ID, or Telecommunications Regulatory Authority ID, is a unique identifier found on devices, particularly Samsung phones sold in the United Arab Emirates (UAE). It serves as a confirmation that the phone unit is genuine and appropriately imported. The TRA ID is used to ensure that devices meet the regulatory standards set by the Telecom Regulatory Authority (TRA) in the UAE.
TA, which stands for Type Approval, refers to the type of approval granted to devices. It indicates that the device has met the necessary technical and regulatory requirements to be sold in the UAE market. The TA RTTE, specifically, stands for the type of approval, and it is part of the certification process that ensures devices comply with local regulations.
While it’s true that people should be wary of such apps (just being a data thief is enough for it to be bad), and there’s a decent chance that is indeed is spyware…
Even those who manage to disable the app find it reappears automatically, confirming its nature as high-tech spyware.
Isn’t this actually common behaviour in the usual bloatware crap that gets installed?
Common behaviour doesn’t make it alright.
It is, yes. After certain system updates these apps can sometimes be reinstalled/reactivated without the user’s knowledge. Samsung is notorious for this.
deleted by creator
Thinkpad X200T
How do you go from an article about spyware on PHONES to recommend a LAPTOP? They are not the same thing. Do you carry this laptop in your pocket to receive phone calls and whatsapp your contacts?
I’m simply providing an alternative. We all know ultra-processed food is bad, but that alone doesn’t help anyone be healthy. They need to know what to eat (in this case) use instead. Yeah I carry it by putting it in the same light and small backpack I put my other stuff in when going out. I do not use WhatsApp and do not have a phone number. Counterintuitive to go through all the troubles of being as free and as private as possible and then use WhatsApp spyware and a phone number
https://canoeboot.org/ is developed by the same person who makes Libreboot, and is more updated than GNU Boot.
Although using something like this or GNU Boot will prevent you from obtaining microcode updates, which can leave you vulnerable to exploits. The CPU already has baked in microcode and updates are signed by the CPU designers (AMD and Intel in the case of x86 computers). Regardless of whether you update it or not, it is still proprietary code running on your computer. If you really don’t want any proprietary code running on your computer, just get a RISC-V board (although I’m not aware of any actual RISC-V silicon that is 100% free, but there are 100% free designs out there).
Stallman and GNU never placed much importance on free hardware designs, as normal people do not have the means or the machinary to manufacture something as complex as silicon or PCBs with small details, for instance, but that ignores FPGAs, PCB manufacturing plants, and small-quantity silicon production, which are all more modern progressions of technology.
The purpose of GNU and the FSF is not to prevent supply-chain attacks and to ensure security, but to empower users with the freedom to modify the software that runs on their computer. It just so happens that those idiologies align most of the time.
It is also a bit unrealistic to expect a society to just stop using smartphones, so we should be working on creating fully free smartphones, which are projects that some companies (Pine64, Liberux, Purism) are working on accomplishing. Even those phones still use ARM SoCs and proprietary modems. The proprietary modem problem especially is the biggest one, as getting something like a software defined radio certified by both cell carriers and the respective government organizations is a beast in itself. Every device needs a valid IMEI code to use a SIM card, after all. Also I believe SIM cards themselves can do processing, but don’t quote me on that.
Not to mention the fact that there are no WiFi chips that work without firmware blobs that operate on any standard newer than 802.11n. SDRs might be more feasible here, but government regulation would still be a problem. https://github.com/Nuand/bladeRF-wiphy/
If you’re looking for a RISC-V laptop, Framework has a board available based on the semi-popular JH7110 SoC used in the VisionFive 2: https://frame.work/products/deep-computing-risc-v-mainboard
Lots to cover so let’s start one by one: Firstly, even trying to put my GNU biase aside, canoeboot is just libreboot with the non free stuff removed. The problem with that is it has been shown to allow some non-free firmware in a recent version, and so, I feel like using a more independent free bios would be better atleast for me. I understand the fact about the chip itself being non-free, but as for a laptop, that’s just the most free you can get right now (do correct me if I’m wrong), so it’s better to use the most free option rather than using a less free option because the most free option isn’t fully free. I completely agree and can’t emphasise that enough: The FSF and GNU are not made for security. A lot of people especially the ones complaining how not allowing microcode updates allows for security risks don’t understand that the FSF’s and GNU’s goals are to protect user freedom. I don’t believe in a society without phones, it’s just if those phones exist, they should be free, transparent, and respect user privacy. Finally, I did know about riscv, but as you mention, I also knew that there were no 100% free boards. By designs, they still need the proper tools and need to be done by a proper computer engineer right? The framework board isn’t 100% free right?
I personally have a GNU bias as well (watching Stallman talk is what got me into free softwars to begin with), but the allowing of non-free software is in Libreboot and not canoeboot. Canoeboot was created as a direct response to GNU Boot, since GNU Boot is just a fork of Libreboot with all blobs removed, but it wasn’t being rebased often, if at all.
https://canoeboot.org/news/policy.html
but as for a laptop, that’s just the most free you can get right now (do correct me if I’m wrong)
I linked one at the end of my post. Not going to be cheap, though, since it’s Framework. It’s also not going to be very fast. I don’t think the board is free, but niether are any Thinkpads. There is freely licensed official documentation, though for their laptops, although I’m not sure about the third party RISC-V board: https://github.com/FrameworkComputer/Framework-Laptop-13
As for the point about security, in the cases where it comes to state run cracking groups or other high skilled crackers like what is mentioned in the linked article, it is not enough to just have as free of a system as possible, but also as secure and updated of a system as possible. You mentioned in your top level comment that people should use devices that run 100% free software as a direct response to this news article, but leaving any gaps open will allow for these crackers to infiltrate. The plain and simple version is that both are important.
Does the X200 even support VT-d to run something like Qubes with a Linux-libre kernel?
You also didn’t cover the point about embedded firmware blobs, like embedded microcode in every x86 CPU since the Pentium Pro, and not just microcode updates.
Also maybe separate your points into paragraphs for legibility.
Thank you for your helpful comments. I’ll look into Canoeboot more, but will probably still flash GNU Boot.
I took into consideration what you said about security, and overall, I believe you’re right.
In conclusion, I appreciate your advise and will look further into canoeboot, security, and the framework Risc V motherboard in addition to Risc V in general.
I’d love me one of those Talos2 boards. $$$$ though.
I tried searching up what hardware they run, but I got nothing. Do you know what hardware they run?
It’s more or less a custom board design, but the CPU’s are IBM Power9 architecture.