this post was submitted on 22 Sep 2025
338 points (98.6% liked)


An Israeli tech firm has quietly embedded spyware into Samsung smartphones - and it poses a serious surveillance threat

[–] 0xD@infosec.pub 64 points 3 weeks ago (1 children)
[–] humanspiral@lemmy.ca 3 points 2 weeks ago

Did Samsung ever address removing it, or saying the software was useful, instead?

[–] homesweethomeMrL@lemmy.world 26 points 3 weeks ago (1 children)

Social Media Exchange (SMEX), a nonprofit digital human rights organisation focusing on the West Asia/North Africa (WANA) region, has warned people living in these regions that an effective spyware app developed by an Israeli firm is quietly embedded in Samsung smartphones across the region and poses a serious surveillance threat.

[–] squaresinger@lemmy.world 6 points 2 weeks ago

The region is quite an important part of the message.

[–] Olgratin_Magmatoe@slrpnk.net 25 points 3 weeks ago (4 children)

Somebody convince me not to say fuck it and build my own brick of a phone with an rpi5

[–] DarkSirrush@lemmy.ca 21 points 3 weeks ago (2 children)

There are a few projects already in existence that might be more convenient than an rpi5, like fairphones, and I think the grapheneos team is looking to develop something too.

[–] Olgratin_Magmatoe@slrpnk.net 5 points 3 weeks ago

Yeah, that's the more realistic option. Though it would cost several hundred dollars more.

[–] 87Six@lemmy.zip 2 points 3 weeks ago (3 children)

Not that I have a better idea, but Graphene os devs I think were found to be scummy by Louis Rossmann at some point.

[–] Vex_Detrause@lemmy.ca 6 points 3 weeks ago (2 children)

Source? Not arguing, I'm just not informed.

[–] 87Six@lemmy.zip 3 points 3 weeks ago

https://youtu.be/Dl1x1Dy-ej4 This is something I could find real quick, I don't remember exactly what happened but ig you can see for yourself. Cheers

[–] 87Six@lemmy.zip 1 points 3 weeks ago

That's his second channel by the way, not some reposter.

[–] 0x0@lemmy.zip 3 points 2 weeks ago

The lead developer in question seems to have stepped down from the position.

[–] 0xD@infosec.pub 1 points 2 weeks ago (1 children)

Graphene is the currently most secure option, whatever drama Louis stirs up again.

[–] 87Six@lemmy.zip 1 points 2 weeks ago

Not contesting that, but that wasn't drama stirred up by Louis.

[–] Aceticon@lemmy.dbzer0.com 5 points 2 weeks ago (1 children)

Mobile telephony support just comes as a module, so that's actually the easy part.

The harder parts are to make the whole thing consume a low enough amount of power that you can keep it running from a non-monster-sized battery, and I suspect that an RPi 5 board isn't very good for that (hobbyist development boards tend to not have been designed to avoid wasting power, even when the underlying microcontroller/processor is actually decent at it), and integrating an OS with support for a touch interface, especially if you want to avoid Android.

I mean, it's not too hard to make a brick sized dumb phone and even have it be a mobile phone powered by AA batteries, but if you want a mobile smartphone, it gets more complex.

Unless you have the time and skills to take up the challenge you would probably be better off getting something like a Volla phone with Ubuntu Touch or a Pine phone.

[–] ArchmageAzor@lemmy.world 1 points 2 weeks ago (1 children)

What if you take the battery from a small laptop? It may still be bigger than a whole smartphone, but comparatively small and with some ten watt-hours.

[–] Aceticon@lemmy.dbzer0.com 2 points 2 weeks ago* (last edited 2 weeks ago)

Even a smallish LiPo battery will give you some time. The question is how little becomes too little.

And on the other side you can always give it more battery: after all the original mobile phones were the size of a briefcase.

Ultimately how bad it is to go with a Raspberry Pi depends on how much more it, with the software it has, consumes than what a custom circuit designed for saving power using software configured for that (for example, not running needless services). Further, how much would, say, the extra power used in an HDMI connection over other lower level protocols of talking to a display really matter next to the power consumption of the display itself or the GSM module, both of which tend to be big power users?

I know for sure that if you design a custom board with a basic STM32 microprocessor and add a 2G GSM module to it, most of the consumption ends up being the 2G module anyway, so you could probably get away with just using some hobbyist board with it instead of designing your own with just what you need and a proper Voltage Converter. However I haven't really tried doing a battery powered smartphone with an ARM SBC so I don't really know for sure.

[–] possiblylinux127@lemmy.zip 3 points 2 weeks ago

Good luck with that

[–] fading_person@lemmy.zip 1 points 2 weeks ago (1 children)
[–] Olgratin_Magmatoe@slrpnk.net 2 points 2 weeks ago

Yeah, I saw that one the other day. Definitely a cool project. I might take a deeper look at it at some point.

[–] splendid9583@kbin.earth 17 points 3 weeks ago (1 children)
[–] sefra1@lemmy.zip 21 points 3 weeks ago (3 children)

That website is an excellent resource, but they can't just expect everyone to have money for a pixel, even if privacy is a priority for me and many people, a pixel is just beyond the reach of the large majority of internet users.

Instead they need to make a curated list of less than ideal but still better than stock alternatives, or else people will just give up and get stock android instead.

[–] blah3166@piefed.social 5 points 3 weeks ago

pixels are supported for 7 years now, and an older second-hand phone is still an option. but agree on privacy being a spectrum and not an absolute.

[–] Lucidlethargy@sh.itjust.works 4 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Pixels are also running on poor hardware. This has always been the case, but recent releases are showing really poor cpu performance compared to competitors.

Edit: for example, the OnePlus 13 that was released 8 months before the Pixel 10 Pro is 40%+ faster, and $150-250 cheaper. The battery is also 20% lower capacity.

[–] xep@discuss.online 5 points 2 weeks ago

I don't know why you're being downvoted for stating a fact, because Pixel hasn't had competitive hardware for several iterations now.

[–] splendid9583@kbin.earth 4 points 3 weeks ago

I used to think like this. However, if someone says, "The most expensive phone I can afford is embedded with unremovable Israeli spyware, and there is no operating system that is open-source and receives regular security patches available for it, and I can't afford to pay for internet access, so I use the platform that only lets me access Facebook", I'm not sure that there's much I can do to help them. If someone said, "Can I use a phone that costs less because it's subsidized by Facebook while being protected from malware and surveillance?" I'd respond with, "The answer is probably 'no'". I'm sure that it's possible to be in a situation where the only choice is to have no internet access at all or to use the internet in a way that makes one vulnerable to surveillance, and I think it's likely that getting more money is the most reliable cure for that situation (and it might be true that no other cure exists).

privacyguides.org probably has a target audience of people that are being actively targeted by sophisticated government actors, and displaying information about a measure that is inferior to another measure in every way other than cost would make it more likely that someone would use the inferior measure in an inappropriate situation, and that could cause someone to be in physical danger, so it's probably best to just not mention any measure unless it might be superior to all other measures in some situation (without considering monetary cost). For people that are subject to less physical danger but more cost restrictions, it'd probably be better to have a separate website. I do think that such a website would probably have less funding available (since privacyguides.org will probably receive funding from the audience that is mostly unencumbered by resource constraints, so any other website will probably receive less funding) and therefore less expertise available, which would be regrettable (since I do have old phones that I'd like to make more secure).

There was a time when there was no formal recommendation for computing hardware from privacyguides.org at all, so having one at all is an improvement compared to the past. It's unfortunate that there aren't two options that meet the documented criteria, but having one is better than having none. For now, the best we can hope for is probably a phone model that meets relevant criteria (or where the only unmet criteria could be met due to new software being made available) becoming more popular, such that its price comes down due to having an economy of scale. Hopefully that will be a phone model not influenced by Google.

[–] NoodlePoint@lemmy.world 4 points 2 weeks ago

The region is a market where it's either Samsung, Apple, or any of the known Chinese brands -- Huawei, Redmi, OPPO, Vivo, etc. -- which sell cheaper than either of them while carrying some premium features, and unfortunately most have to buy those phones due to either FOMO or because some are very cheap. Anyone engaged in more sensitive political positions may have to keep on using dumbphones.

[–] FreedomAdvocate@lemmy.net.au 3 points 2 weeks ago (1 children)

The app’s privacy settings claim that users can disable this data collection by turning off “AppCloud” in the app list.

They don’t just “claim” that - that’s how Android works lol.

So in short the whole article could have just been “disable this app and you don’t have to worry about it”. Doesn’t have as much of a tinfoil ring to it I guess?

[–] Lumisal@lemmy.world 1 points 2 weeks ago (1 children)

Because Israel has shown itself to be trustworthy when it comes to software /s

[–] FreedomAdvocate@lemmy.net.au 0 points 2 weeks ago (1 children)

Israel don't make Android. Apps can't override how android disables apps at an OS level.

[–] Lumisal@lemmy.world 0 points 2 weeks ago (1 children)
[–] FreedomAdvocate@lemmy.net.au 0 points 2 weeks ago (1 children)

You think Android lets apps override their app disabling feature? You should report that to Google, they’d be shocked to hear it.

[–] Lumisal@lemmy.world 0 points 2 weeks ago (1 children)

Yes. It's not the first time it's been done either. Then there's the loopholes as well, like Meta was doing recently.

[–] FreedomAdvocate@lemmy.net.au 0 points 2 weeks ago (1 children)

Apps that have been disabled at a system level cannot run.

[–] Lumisal@lemmy.world 0 points 2 weeks ago (1 children)

Sure, you tell yourself that buddy. Israel is happy for you to believe it.

[–] FreedomAdvocate@lemmy.net.au 0 points 2 weeks ago (1 children)

Go tell Google, they’ll pay you millions in big bounties for how Israel is doing this. Unless of course you have zero evidence that app developers can do this in Android……

Yeh thought so.

[–] Lumisal@lemmy.world 0 points 2 weeks ago (1 children)

You don't have evidence that Israeli app developers can't do this either.

It's almost as if we're lacking the money, skills, and manpower of a nation or something.

[–] FreedomAdvocate@lemmy.net.au 0 points 2 weeks ago (1 children)

I don't have to prove the negative, it's on you to prove that they can.

Even if it was up to me though, the OS prevents apps that have been disabled from running. AOSP’s documentation says this.

Again - show Google it happening and you’ll be an instant millionaire. Why haven’t you done it already? Just DM me the evidence and I’ll do it since you don’t want to.

[–] Lumisal@lemmy.world 0 points 2 weeks ago (1 children)

We have evidence that they can do, simply not evidence that they're doing it currently.

Israeli technology is already used to bypass encryption and security on both Android AND iOS. This despite the documentation showing they have security features that make them safe. Here's just some news articles talking about it over the years: https://gizmodo.com/cops-have-less-time-to-break-into-iphones-thanks-to-ios-18-1-security-measure-2000522523

https://www.msn.com/en-in/technology/software/telangana-govt-seeks-bids-for-israeli-software-to-hack-into-phones/ar-AA1Np36m

https://twoeva.com/2025/04/10/android-apps-spyware-exposed/

https://www.npr.org/2024/07/17/nx-s1-5041752/what-happens-when-law-enforcement-wants-to-break-into-someones-smartphone

https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/

And despite it being well known by now that they're able to do this, neither Alphabet nor Apple has been able to (willing to?) stop them.

It would be utterly naive to think that Israel can't make an app that can ignore being disabled, considering they can make software that can straight up get around literal security features allowing law enforcement to enter locked phones. The last article in particular is about bypassing system rules, quote;

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

Basically, you'd have to be stupid to think that a system saying "permission not allowed" is enough to stop a maliciously intended app, but even more stupid to think Israeli backed technology can't, considering the existence of tools like Pegasus and the past operations and actions of Mossad, along with so many governments adopting Palantir.

At best, you're blissfully ignorant of things, at worst you're part of the problem, to think this pre-installed app can simply be stopped by disabling it. If they seek to spy on you, a disablement isn't going to stop them. It's laughable you think it is. That you think it isn't, really shows how little you actually know or understand the technology.

[–] FreedomAdvocate@lemmy.net.au 0 points 2 weeks ago (1 children)

External PC programs that can be used to break into phones are not the same as apps being able to circumvent OS-level disabling lol.

[–] Lumisal@lemmy.world 0 points 2 weeks ago (1 children)

Okay now I know you're arguing in bad faith. Not only were 2 of the articles about apps on a phone and not external Israeli software, but over half my comment was about on-phone software bypassing permissions.

Goodbye.

[–] FreedomAdvocate@lemmy.net.au 0 points 2 weeks ago (1 children)

None of those articles say a thing about on-device apps being able to overrule being disabled by the OS.

[–] Lumisal@lemmy.world 0 points 2 weeks ago (1 children)

I literally quoted an article saying how Meta and Yandex specifically got through operating system features it wasn't supposed to.

Anyone who comes across this chain can easily see at this point you're a bad faith troll now. A bad one at that. This discussion is over. Blocking you now.

[–] FreedomAdvocate@lemmy.net.au 1 points 2 weeks ago

But not from being disabled which is what we’re talking about. If it can’t run it can’t do any of that.
