Samsung is facing online scrutiny after fresh claims accused AppCloud, a pre-installed system app on Galaxy A, M, and F devices, of functioning as “unremovable Israeli spyware.” The uproar, which has been simmering for over 2 years, exploded again this week after a viral post on X alleged that the app could silently install unwanted apps, harvest user data, and persist even after being disabled.
The controversy hits particularly close to home for African markets like Kenya, where Samsung’s Galaxy A series dominates mid-range sales. The suggestion that these devices may contain persistent, unremovable software developed by an Israeli-founded company is already raising consumer alarm, especially given Samsung Galaxy A and M series’ large footprint across Africa, Asia, the Middle East, and South America.
AppCloud is a recommendation engine installed on many Samsung mid-range phones, designed to suggest third-party apps (aka ads) during setup or after system updates. While many users have long dismissed it as simple bloatware, its deeper system-level permissions have made it extremely difficult to remove. Even if disabled, the app tends to return after OS updates.
Until now, most concerns were focused on annoyance and monetization. But AppCloud’s origins have added a geopolitical angle: the app is built by ironSource, an Israeli-founded company now owned by Unity. That detail has recently reignited accusations that the software could be misused for surveillance, especially in regions where Israel’s business activity is restricted.
The latest wave of controversy stems from a post by International Cyber Digest, which amassed over 7.4 million impressions on X. The post claims AppCloud operates as “unremovable Israeli spyware”, echoing concerns previously raised by Lebanese digital rights group SMEX, which argued earlier this year that ironSource’s data collection practices pose “serious legal and ethical implications” in West Asia and North Africa (WANA).
Why mid-range Galaxy phones — and why these markets?
Curiously, the app is only preloaded on Samsung’s mid-tier Galaxy A, M, and F lines, and not on flagship devices like the S or Z series. That raises a big question: is this because of where these phones are sold?
Samsung’s A and M series dominate emerging markets including Kenya and much of Africa, India and Southeast Asia, the Middle East, Latin America, and parts of Europe. If AppCloud’s presence is tied to these geographies, it strengthens the argument that the software — intentional or not — disproportionately affects regions with lower regulatory scrutiny and higher demand for affordable phones.
The timing also couldn’t be worse for Samsung’s public image in Kenya.
Earlier this month, we reported on an ongoing case in which the DCI allegedly installed FlexiSpy spyware on the phones of BBC Africa journalists involved in the Blood Parliament exposé, including Samsung, OPPO, and Redmi phones.
That report already raised questions about the ease with which some devices can be compromised. The AppCloud uproar now adds a new layer of suspicion, creating the perception, fairly or not, that Samsung’s software ecosystem may be more permissive than consumers realize.
Further fueling the distrust is ironSource’s past involvement in installCore, a controversial app-bundling service used on Windows and macOS to push additional software during installers. Security vendors widely flagged installCore as a “potentially unwanted program” (PUP) because it operated silently and often without clear consent.
That historical baggage makes today’s allegations harder to dismiss, even though there is no confirmed evidence that AppCloud is harvesting data or being used for surveillance.
So, is it actually spyware? To be clear, no public evidence currently proves that AppCloud is spying on users. ironSource has also not been accused of wrongdoing specific to Samsung devices, and no, Samsung has not issued a statement addressing the controversy, although Android Authority says it has reached out.
However, what is factual and worrying is this:
- AppCloud is a system app with deep privileges.
- Most users cannot uninstall it normally.
- It can re-enable itself after updates.
- It can install recommended apps without explicit repeat consent.
- It is tied to a company with a controversial software history.
Even without confirmed spying activity, that combination alone is enough to raise eyebrows, and ideally, prompt Samsung to offer a permanent uninstall option. For now, the only reliable way to remove AppCloud is through ADB commands, which require a PC and some technical skill. Most users are unlikely to attempt this.
If AppCloud is truly harmless, Samsung must say so clearly and provide a way to disable or remove it permanently. If not, the company risks damaging trust in its most popular smartphone lineup.
We’ll update this story if Samsung issues an official statement.
