Samsung has come under renewed scrutiny after privacy advocates and users raised concerns about a little-known app called AppCloud that the company ships preinstalled on many Galaxy phones. Once dismissed as mild bloatware that surfaces app recommendations during device setup, AppCloud is now attracting criticism for its ties to an Israeli-founded ad-technology firm, its opaque privacy practices, and the difficulty of removing it from affected devices.
What users are seeing on their phones
On a range of Samsung's budget and midrange lines — notably Galaxy M, F and A series models sold in India for several years and rolled out to many West Asian and North African markets since 2022 — AppCloud appears during the initial device onboarding. It acts as an app-installer that suggests third-party apps and prompts users to accept or postpone installations. Several owners report the prompt can produce a persistent notification until the selection is completed or the component is disabled.
Although AppCloud can be disabled through system settings, it is not straightforward to remove without root access, which has led many security-minded users to describe it as effectively persistent software on their devices. Observers also note that the app's privacy policy is not readily available to users online, leaving unanswered questions about what data it collects and how that data is used or shared.
The company behind the technology
Investigations by privacy groups earlier this year and reporting by technology outlets identified links between AppCloud and ironSource, an ad-technology company founded in Israel. ironSource was acquired by Unity, the US-based game-engine and ad-technology company. Unity lists its corporate information and products on its website and is the official parent company of the ironSource assets.
ironSource has a controversial history. In earlier years it operated InstallCore, a distribution program that critics said installed software without clear consent and bypassed some security warnings. That program was widely criticized by security firms and anti-malware vendors, creating lingering wariness among privacy advocates when ironSource-branded technology appears on consumer devices.
The specific AppCloud package, however, is not clearly documented on ironSource's public product pages, a fact that has added to user suspicion. The component's absence from vendor documentation, combined with the lack of a transparent privacy policy, is central to current criticism.
Why the app's origin matters in certain regions
Beyond general privacy concerns, AppCloud's origins pose political and legal complications in parts of the world where Israeli companies are restricted. Several West Asian and North African countries have laws or policies that bar Israeli businesses or impose operational constraints in light of the ongoing Israel–Palestine conflict. In those markets, the presence of a component tied to Israeli-founded technology has inflamed public debate and raised the prospect of regulatory or reputational consequences for device makers that ship the software.
Civil-society organizations and regional users have urged Samsung to consider local sensitivities and to be more transparent about what the software does and who controls it.
Calls for transparency and what Samsung could do
Privacy advocates, consumer groups and affected users have asked Samsung to take several steps to address the controversy:
- Provide a clear, visible opt-out during the initial setup experience.
- Publish an accessible privacy policy detailing data collection and sharing practices for AppCloud.
- Make AppCloud fully removable without root access, or stop preloading it in markets with heightened sensitivity.
- Disable AppCloud in system settings to stop active notifications and behavior.
- Review app permissions and limit access to contacts, location and storage if those permissions are exposed.
- If you are comfortable and understand the risks, advanced users may remove preinstalled packages with root access; this is not recommended for average users and can void warranties or introduce instability.
- Contact Samsung support through official channels and request clarification or an opt-out; public pressure has prompted companies to change preloads in past cases.
Outlets covering the issue have said they reached out to Samsung for comment; at the time of reporting Samsung had not issued a public response to these specific complaints. Users and activists say a prompt corporate reply will be necessary to calm concerns.
Potential risks and implications
Because the app functions as an installer and recommendation engine, the principal risks are informational and reputational: lack of transparency about data handling can expose users to unwanted data collection and raise questions about consent. For Samsung, the episode highlights the tradeoff device makers face between monetizing software placements on lower-margin hardware and managing consumer trust, regulatory compliance and geopolitical sensitivities.
Regulators in affected countries could demand explanations or take action if local laws governing foreign technology, data protection, or consumer rights are considered violated. For Samsung, continuing to ship an opaque component in sensitive markets risks both regulatory scrutiny and consumer backlash.
What affected users can do now
If you own a Samsung device that shipped with AppCloud, practical steps include:
For more background on the broader findings, privacy organizations such as SMEX have published investigations into similar preinstalled components and regional concerns.
Broader context and next steps
Preloaded app ecosystems are a long-standing revenue source for smartphone makers, carriers and platform partners, but they are increasingly scrutinized by privacy advocates and regulators. Transparency about who develops, owns and controls bundled software — and clear user choices at setup — are now essential to maintaining trust.
Samsung will likely need to weigh the commercial benefits of partnerships that place app-installers on devices against the reputational and regulatory costs in sensitive markets. At a minimum, publishing a clear privacy policy and providing an explicit opt-out during setup would answer many immediate user concerns. More substantive changes, such as making the component removable without root or limiting its deployment in markets with legal restrictions on Israeli-linked firms, could follow if pressure continues.
Until Samsung comments publicly, users and regional watchdogs will continue to press for answers about what AppCloud does, who ultimately controls its data flows, and why it was included on devices sold in jurisdictions with heightened sensitivities.
For official corporate information, see Samsung's global site at https://www.samsung.com and Unity's corporate pages at https://unity.com. For advocacy reporting on preinstalled components in the region, see SMEX at https://smex.org.