Readit News
boramalper · 2 months ago
I suspect a strong link between mass surveillance (by corporations for advertising or by states for intelligence purposes) and the very recent targeting of the senior Iranian nuclear scientist and military officers at their homes in Iran.

Wherever you are from or whatever side of the conflict you are on, I think we can all agree that it’s never been easier to infer so much about a person from “semi-public” sources such as companies selling customer data and built-in apps that spy on their users and call home. It allows intelligence agencies to outsource intelligence gathering to the market, which is probably cheaper and a lot more convenient than traditional methods.

“Privacy is a human right” landed on deaf ears but hopefully politicians will soon realise that it’s a matter of national security too.

kragen · 2 months ago
The truth is far outside the Overton window.

Yes, privacy is a question of civil defense in the drone age. But the existing crop of states will never acknowledge that; their structure and institutions presume precisely the kind of mass databases of PII that create this vulnerability, as well as institutional transparency for public accountability. This makes them structurally vulnerable to insurgencies that expropriate those databases for targeting. The existing states will continue to clutch at their fantasies of adequately secured taxpayer databases until their territorial control (itself an anachronism in the drone age; boots on the ground can no longer provide security against things like Operation Spiderweb) has been reduced to a few fortified clandestine facilities.

Things are going to be very unpredictable and, I suspect, extremely violent.

fpoling · 2 months ago
This has been going on in Russia on a massive scale. For bribes, officials sell anything, including highly sensitive databases. Those were used to uncover various Kremlin-run assassins targeting the opposition. Then Ukrainian special services used those to target high-ranking Russian military officers. Russia tried to crack down on that but it just increased the database price tag.
drewbug · 2 months ago
I used to feel this way until I learned about counter-UAS tech.
chaosbolt · 2 months ago
I suspect Israel has backdoor access to most CPUs.

Here is how Pegasus seems:

- China has 1.5 billion people, lots of resources, would profit a lot economically if they found a way to hack iOS, etc. But yet couldn't hack it.

- Israel with its 7 million people, not only hacks iOS multiple times, but does it to spy on its allies.

Now I've seen the threads analysing Pegasus' complexity, I don't know if it's been reproduced, and if it has then I guess it logically proves me wrong (the tinfoil hatter in me still thinks it's right though).

Here is why:

Israel has a lot of silicon fabs or R&D centers, now it makes ZERO sense for the US to have fabs or R&D centers in Israel, since that country is (allegedly) always at the risk of being bombed for no reason at all (yeah right).

Intel has had fabs in Israel since the 80s, why not in Japan or France or the UK (France and the UK are close allies to the US and have no earthquakes or risk of being bombed), why not even Canada?

And I compared the dates of when Intel started putting the Intel Management Engine in all of their CPUs and the date on which they built their biggest fab in Israel, then I went down the rabbit hole of when AMD started using PSP (similar tech to Intel ME), and it coinciding with it buying a large pentesting startup in Israel, then starting to build its R&D centers there, Apple and Qualcomm have similar stories.

Obviously this is all tinfoil, and while the dates coincide it's obviously not enough.

But to each their own, and I choose to treat my tech as if it was all backdoored already, because for me the evidence (while not enough to be sure) is enough for how much I value my privacy.

saagarjha · 2 months ago
> China has 1.5 billion people, lots of resources, would profit a lot economically if they found a way to hack iOS, etc. But yet couldn't hack it.

What makes you think China can't hack iOS?

1oooqooq · 2 months ago
pegasus Occam's razor:

- the smaller country hacked ios, have to sell it to recoup r&d costs, got caught many times.

- the larger country hacked ios, don't need to sell it around, haven't been caught.

Hizonner · 2 months ago
> Here is how Pegasus seems: - China has 1.5 billion people, lots of resources, would profit a lot economically if they found a way to hack iOS, etc. But yet couldn't hack it.

That you know of. Maybe they just don't indiscriminately sell the results to anybody who shows they have money. Or maybe they have different strategies for spying.

> - Israel with its 7 million people, not only hacks iOS multiple times,

NSO and friends find zero-days or buy them on the open market (not just from Israel). Citizen Lab has identified specific vulnerabilities used to install Pegasus. The exploits don't require or use CPU back doors.

... and you think Israel's smaller population somehow translates into better infiltrators than China has, but not better hackers than China has? Israel also makes better halva than China, by the way.

That kind of "logic" is what turns you into a loony raving on a street corner somewhere.

> but does it to spy on its allies.

Everybody spies on their allies, at least opportunistically. But Pegasus is a commercial product, sold to basically every government and mostly used to spy on normal people, not other governments. The people writing it have ties to Israeli spies, and I'm sure it's been used by Israeli spies, but it's general-purpose.

> Israel has a lot of silicon fabs

As far as I can tell, Israel has one facility capable of making remotely serious CPUs. It's owned by Intel. There are no phones using Intel processors.

The processors in iPhones are "Designed by Apple in Cupertino" and fabbed by TSMC in Taiwan. The processors in basically all other phones are ARM, and most of them also come from TSMC. Pegasus does not run on Intel processors, ever.

> And I compared the dates of when Intel started putting the Intel Management Engine in all of their CPUs and the date on which they built their biggest fab in Israel

So the fab somehow reached out into the rest of Intel and retroactively caused it to develop a heavily advertised feature?

mike_d · 2 months ago
> I suspect a strong link between mass surveillance [...] and the very recent targeting of the senior Iranian nuclear scientist and military officers at their homes in Iran.

We all like to imagine this super cool clandestine hacking operation using people's mobile phones to secretly track people who visit nuclear facilities back to their homes.

The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the government's org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.

michaelt · 2 months ago
> The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the government's org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.

If there are spies in foreign countries going around offering life-changing sums of money for USB sticks, which people are accepting, is it not also plausible that folks at google/samsung/apple/aws/cloudflare/microsoft are getting offered life-changing sums of money for leaving their work-from-home laptop unattended for 5 minutes?

boramalper · 2 months ago
Israel, like any other state, must be using a variety of methods including good old "human intelligence" so it's not either-or.

In addition, saying that

> someone approached a low level employee at the MEAF who turned over a USB stick with the government's org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university

is an oversimplification on multiple levels:

1. Low-level employees typically don't have access to sensitive information.

2. With human intelligence, there is always a risk that the person you (e.g. Israel) are in touch with (e.g. an Iranian officer) who pretends to be a "double agent" (e.g. leaking info to Israel), is in fact a "triple agent" (e.g. actually working for Iran to mislead Israel).

3. You can send your kids to foreign universities but not your siblings, your parents, your wife's family, and so on... Some of your beloved ones are almost certain to suffer the consequences of your actions. High treason is no joke.

FilosofumRex · 2 months ago
Almost all of Iran's cell network system was originally installed by S. Korean firms. They've changed some to Chinese brands, but apparently the compromised S. Korean brands are still around.
Digital28 · 2 months ago
Changing from SK to CN is a trade from intentional vulnerability to unintentional vulnerability. I’ve yet to see a secure piece of software come out of China in my 30+ years of coding.
throw123xz · 2 months ago
It's a mistake to assume that a very capable country can't get into a network that uses Chinese equipment/software.
aussieguy1234 · 2 months ago
Weather apps are one of the worst offenders here. Almost all share your location info with data brokers if you give them location access.

Check the weather today, get bombed tomorrow.

FridayoLeary · 2 months ago
To be fair that's pretty much the forecast in both Iran and Israel at the moment.
lm28469 · 2 months ago
If you're a valuable enough target, like these Iranian generals/scientists, they just need to find you once and then they can continuously track your movements via satellite. They don't need much precision, just which building to level.
mousethatroared · 2 months ago
"Just which building to level"

What's "just" a war crime amongst friends?

beeflet · 2 months ago
this is a totally illogical way of understanding warfare in terms of absolutes. Not every target is worth leveling a building over. It isn't that black and white
VagabundoP · 2 months ago
What always shocks me is how much negligence is shown by politicians and cyber intelligence wrt to standard mobiles.

Anyone who runs a country, especially senior politicians, just shouldn't have a standard mobile.

It should be a built from the ground up phone by your own country's government services. Running GrapheneOS or something.

And you shouldn't have a second phone to have your affairs either.

bongodongobob · 2 months ago
Politicians are just the sales and marketing department for multinational corporations and defense contractors. They will never care.
PartiallyTyped · 2 months ago
Europol now argues that privacy is not a right and that we need to “think of the children”. EU is now pushing some abhorrent policies and legislation to demand backdoors.

We, the people, need to demand and force our politicians to work for us.

crawsome · 2 months ago
Someone needs to go into congress and demonstrate to them, live, how easy it is to lift their phone numbers and call them all at once.
larrled · 2 months ago
“hopefully politicians will soon”

The GOP is controlled by donors who are mostly free market liberals. Elon won’t let anyone “censor” (regulate) X. The democrats don’t care about national security historically, and it’s not currently an issue their cosmopolitan TikTok loving base cares anything, at all, about. “Security” is something that most democrats I talk to now associate with deportation or military spending, both of which they ferociously hate. Across parties, policy and discourse are reactive. Security requires a proactive orientation that it seems the public sector may structurally lack.

htowi3j4324234 · 2 months ago
If a state actor is after you, cookie and GAIA-id tracking should be the least of your concerns.
yapyap · 2 months ago
> “Privacy is a human right” landed on deaf ears but hopefully politicians will soon realise that it’s a matter of national security too.

lol. lmao even.

this is the holy mary of security, politicians (US) will not give a damn as long as they’re not the ones being targeted and as long as the ad giants like google and co keep lining their pockets.

Tokumei-no-hito · 2 months ago
maybe the recent attack in Minnesota will change their mind - the shooter used data brokers for his plan

https://www.wired.com/story/minnesota-lawmaker-shootings-peo...

AlotOfReading · 2 months ago
Because the link is down:

https://web.archive.org/web/20250506145643/https://smex.org/...

The article leaves out quite a lot about what AppCloud is, but it's essentially how Samsung monetizes their non-flagship device users and can do things like insert installation advertisements into the notification tray, and silently install apps.

Personally, if I found this on my device it'd be the final straw to grit my teeth and finally get a personal Apple device.

andrewflnr · 2 months ago
Or just don't get Samsung? I guess I don't know for sure that my phone brand doesn't do anything similar, but it at least hasn't hit the news yet.
boramalper · 2 months ago
> AppCloud—pre-installed on Samsung’s A and M series smartphones.

Samsung’s A and M series smartphones are their cheapest models so their buyers probably cannot afford better phones. I don’t know of any other brands selling in the region with similarly priced models that have better privacy practices than Samsung either—they’re all the same at that price point I’m afraid.

aucisson_masque · 2 months ago
All Android phones but Pixel ones have bloatware preinstalled. Some are worse, like Xiaomi.

If you don’t want bloatware (spyware), it’s either Pixel or iPhone.

hkt · 2 months ago
No need to ditch Android. Fairphone exists: https://fairphone.com

Their stock Android is fine. If you want more privacy, installing e/OS/ is trivial. It blows my mind that anyone is concluding Samsung stuff is worth buying under any circumstances.

subscribed · 2 months ago
Fairphone has astonishingly bad upgrades and patches policy. Very late, very delayed, not all of them.

Sure, better than, say, Sony (and as an ex-Sony user I kind of know what I'm talking about), but far from calling it good.

rs186 · 2 months ago
What about people who are not in Europe?

And for US carriers, you are basically locked out of Wi-Fi calling if you are not using one of the whitelisted devices.

dotancohen · 2 months ago
I buy Samsung for the S-Pen. The moment a viable alternative comes along, I'll be the first to try it.
torginus · 2 months ago
Just buy a 5 year old iPhone - it's likely to be still better than the cheapo phone, and will get longer support as well, while being sold at rock bottom prices.

I just replaced my iPhone XS, not out of necessity, but I wanted to see what the new ones were like. The 16 is barely better and I was surprised to find just how little the old one was worth second hand, considering it still runs circles around most midrange Android handsets.

rs186 · 2 months ago
I can assure you that they do the same thing with flagship phones, especially carrier versions of the phones -- speaking from first hand experience. I have seen notifications from apps I have never heard of multiple times.

That's what I have been thinking recently -- given that Samsung is quietly doing these shady things with my phone, and other annoyances like Samsung forcing Galaxy AI on me (try selecting some texts in a browser or webview) which cannot be uninstalled and the terrible Samsung Pay interface, I am questioning my device choice every day.

chrisjj · 2 months ago
> Samsung forcing Galaxy AI on me (try selecting some texts in a browser or webview)

I did. No Galaxy AI.

grishka · 2 months ago
The "unremovable" part is inaccurate. While you can't completely remove it because it resides on the system partition, you most probably can still disable it with an adb command:

    adb shell pm uninstall --user 0 com.package.name

This command is very powerful as it works for any app, even those that have "disable" greyed out in the settings. I disabled the Galaxy Store on my S9 this way for example.

hysan · 2 months ago
> "unremovable"

> you can't completely remove it

Maybe my English isn’t very good but that sounds like the definition of unremovable.

grishka · 2 months ago
To be pedantic, yes, but not in a way that matters. The system partition is read-only. Mounting it read-write would require root and any modifications would break system updates. The apk will still be physically present in the file system, however, none of its code will run and it will be removed from your launcher and installed app list in settings, which IMO still counts as a removal.

Also, English is not my native language. I feel like I did get my point across anyway.

sedatk · 2 months ago
There’s an enormous difference between “it can’t be stopped” and “its storage area can’t be reclaimed” though.
charcircuit · 2 months ago
It's in a read only filesystem. You can't modify read only data, but you can choose to ignore it.

scalableUnicon · 2 months ago
I had a Samsung phone and did the same with mine. Wrote a small tutorial here (https://harigovind.org/notes/removing-samsung-android-bloatw...). But even then, these apps will pop right back after system updates and those were becoming more frequent. I got rid of it shortly after, nowadays I use Moto where bloatware is comparatively minimal.
gblargg · 2 months ago
I've had a few Moto phones and have also been pleased with the fairly stock OS and durability.
kotaKat · 2 months ago
This does not work on all phones. Some OEMs (like Motorola) leverage the 'nodisable' feature to prevent this and other APKs from being disabled.

On my 2025 Motorola RAZR 5G, in /product/etc/nondisable are a series of XML files listing carrier and activation apps for Dish Wireless, Tracfone/Verizon Value, T-Mobile, the Amazon App Manager, and two apps provided for finance providers PayJoy (who lock and disable phones for financial product recovery) and one for Claro internally (that operates similar to PayJoy).

grishka · 2 months ago
These affect the "disable" button and the "pm disable" command, I believe. The "uninstall" command can't be prevented from working to my knowledge.

But then I haven't had any experience with carrier phones. We just don't do that where I live, all phones are sold unlocked for full price and all plans are prepaid.

npteljes · 2 months ago
Words don't just have a literal, technical meaning. If the phone itself doesn't allow a straightforward, user friendly happy-path for removal, it might as well be "unremovable" in a sense that it is indeed unremovable for most users. "adb shell etc" implies that one has a PC with this tool correctly installed, and many people don't even have a PC in the first place. Then comes the case of installing adb, setting it up correctly, and having a cable to connect the two, enabling debug mode, and doing the thing. This is much more like a service thing, than a do it yourself at home thing. Not much unlike "chip tuning" for cars.
grishka · 2 months ago
This doesn't strictly require a PC. There's this trick with using the wireless debugging feature to connect the phone to itself. You can do it with a terminal app like Termux but Shizuku is a nice GUI that streamlines this process and exposes an API for other apps to use. After a quick web search I found https://github.com/samolego/Canta which is, again, a GUI app that uses Shizuku to uninstall apps via adb.

I agree that it's not easy, but anyone sufficiently annoyed by these non-otherwise-removable apps who is able to follow instructions should be able to get it done without needing a computer or special knowledge or messing with the command line.

Zak · 2 months ago
The article claims the app can only be removed with root access, which requires more difficult and technical steps to attain than running an adb command. If uninstalling the app with adb works and doesn't result in the app being promptly reinstalled, then the article has a significant factual error.
acdha · 2 months ago
Samsung has an entire PR team who get paid to misrepresent things — you should at least get paid for what you’re doing. You’ve already admitted that it can’t be removed and if it takes some shell work you’re not even sure about to disable it, that almost certainly means it’s coming back on every update.
AzzyHN · 2 months ago
Yes, but for most people (I'd guess 99% or more), they would never know to use the above, and I'm those who did find a guide might have issues using adb on their likely Windows or MacOS machine.
encom · 2 months ago
I had a OnePlus whatever as a work phone in my last job. Every time I used adb to purge the OnePlus crap, it would somehow find its way back. Eventually I settled on disabling autoupdates from the play store, so it was stuck at whatever outdated, and hopefully broken, version the phone shipped with.
mvdtnz · 2 months ago
So you're saying it can't be removed?
dotancohen · 2 months ago
OK, I see that one can get a list of all installed packages via adb:

    $ pm list packages

How does one know which are safe to disable? In the sense that there won't be unexpected side effects. Besides, not all the names make clear exactly what the package is for.

Shocka1 · 2 months ago
Each one needs inspected one by one - but there is always the chance that package names have been purposefully obfuscated. It's really quite the uphill battle.
subscribed · 2 months ago
It's not trivial for most and will most likely get reenabled after the firmware upgrade.
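
Added example, not part of any comment in this thread: a small audit for the behaviour several commenters describe, where packages removed with `pm uninstall --user 0` stay on the system image and may become active again after an update. It compares a watchlist against two `pm list packages` snapshots; the package names and snapshot contents are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a watchlist of preloaded packages after a system update.
# Real input would come from two snapshots (standard `pm list packages` options):
#   adb shell pm list packages --user 0    > installed.txt  # installed for user 0
#   adb shell pm list packages -u --user 0 > all.txt        # also uninstalled-for-user
# All package names below are constructed placeholders, not real vendor packages.

# Read `pm list packages` output on stdin and print bare package names.
# Carriage returns are stripped because adb output may contain them.
pkg_names() {
    tr -d '\r' | sed -n 's/^package://p'
}

# classify_watchlist WATCHLIST INSTALLED ALL
# Prints "<package> <state>" for every watched package, where state is:
#   active            installed for the user again (code can run)
#   removed-for-user  not installed for the user, APK still known to the system
#   absent            not known to the package manager at all
classify_watchlist() {
    watch=$1; installed=$2; all=$3
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$watch" |
    while IFS= read -r pkg; do
        if pkg_names < "$installed" | grep -Fxq -- "$pkg"; then
            state=active
        elif pkg_names < "$all" | grep -Fxq -- "$pkg"; then
            state=removed-for-user
        else
            state=absent
        fi
        printf '%s %s\n' "$pkg" "$state"
    done
}

# Print only the watched packages that are active again.
reappeared() {
    classify_watchlist "$@" | sed -n 's/ active$//p'
}

# Run the audit on constructed sample data so the script works offline.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/watch.txt" <<'EOF'
# packages previously removed with: pm uninstall --user 0 <name>
com.example.vendor.appstore
com.example.vendor.adpush
com.example.vendor.gone
EOF
    # Constructed post-update snapshot: adpush is installed for user 0 again,
    # appstore is still uninstalled for user 0 but remains on the system image.
    printf 'package:com.android.settings\r\npackage:com.example.vendor.adpush\r\n' \
        > "$dir/installed.txt"
    printf 'package:%s\n' com.android.settings com.example.vendor.adpush \
        com.example.vendor.appstore > "$dir/all.txt"
    classify_watchlist "$dir/watch.txt" "$dir/installed.txt" "$dir/all.txt"
    echo "reappeared: $(reappeared "$dir/watch.txt" "$dir/installed.txt" "$dir/all.txt")"
    rm -rf "$dir"
}

demo
```

Running it after each update with fresh snapshots shows which watched packages need attention again.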
catlikesshrimp · 2 months ago
that doesn't work for every package. Some packages aren't authorized to be disabled this way, i.e. you can't disable them this way. * Some packages can technically be disabled this way, but they cause unrelated issues like the phone wasting processing resources, even overheating the device; or bootloops. * Less relevant, but the package is disabled, but removed. The system can still reenable it, reinstall it, or upgrade it. * Edit: I can't find a way to format this. It shows as a text block.
johnisgood · 2 months ago
How would one go about using adb? Motorola, stock Android. Do I need to root my phone for this to work or what are the requirements, or how do I perform it?
contingencies · 2 months ago
1. Install Android SDK / Android Studio on your computer.

2. Plug phone in to computer using USB-C cable.

3. Answer prompt on phone granting permission to computer.

4. Run adb commands.

awaisraad · 2 months ago
Do you know if the same apps remain installed in "Secure Folder" as well?
ehnto · 2 months ago
Don't even need that, you can disable it within the OS app settings.
the-anarchist · 2 months ago
As this post is trending quicker and more than I would have expected it to, I would like to add to this story:

It appears to be a similar case across the MENA region. While the SMEX post primarily focuses on WANA, it is possible to find other reports (e.g. [1]) from the MENA region that describe similar practices by Samsung. There, however, the stories talk about "Aura", rather than "AppCloud".

[1] https://www.moroccoworldnews.com/2025/06/212144/samsung-embe...

averysmallbird · 2 months ago
Same same. SMEX is based in Lebanon — (S)WANA is an obnoxious term that’s going around for MENA.
Mistletoe · 2 months ago
We don't know what any of these acronyms mean!
eddythompson80 · 2 months ago
What is the difference between WANA and MENA? Sounds like the same territory.
the-anarchist · 2 months ago
Yes, but, no. It's one of these things where multiple terms mean the same thing but then again come from different times/areas and, upon closer inspection, mean different things. But they're the same. But not really. [1]

A.k.a. I tried to be as politically correct and cite the term used by the respective reporting. The main point I was trying to bring across was that apparently there are two apps involved, not only a single one.

[1] https://en.wikipedia.org/wiki/Middle_East_and_North_Africa

nacos · 2 months ago
I used to manage an enterprise fleet of mobile devices.

This AppCloud crap has also been pushed to devices in the Europe Open Market.

I also know that this shouldn't have been installed on enterprise devices (either Android Enterprise managed by MDM or E-FOTA managed - don't remember exactly). We had an awkward conversation with some Samsung representatives.

ehnto · 2 months ago
Was installed on my device bought in Australia as well.
thenthenthen · 2 months ago
AppCloud, developed by the controversial Israeli-founded company ironSource (now owned by the American company Unity)

Yes the Unity 3D engine company wow.

willtemperley · 2 months ago
So Unity can now be considered malware by association.

Nition · 2 months ago
The weirdest part of that merger was Unity paid $4.4billion for IronSource.
JohnHaugeland · 2 months ago
ironsource was the owner and runner of the largest sleazy game ad network, which was unity specific

unity was dying for lack of revenue

0rzech · 2 months ago
Same thing in Europe and North America. AppCloud is present on Samsung devices. Sometimes from the get go, sometimes after system update, sometimes after security update (the irony of that!). Carrier-locked or not, it doesn't matter. Sometimes it's visible only after switching the "Show system applications" toggle on application list in device settings. There are many people reporting that their Galaxy S series phones have it too. This AppCloud stuff is absolutely outrageous!
reccy · 2 months ago
This article has basically no technical details and scant evidence for the claims made by the authors. It's rage bait that is intended for emotional reaction rather than a curious and intelligent analysis.
hamdouni · 2 months ago
I think this is an open letter addressed to Samsung, not an article trying to convince readers... Perhaps, the takeaway can be the call for transparency as a minimum?
userbinator · 2 months ago
> making it nearly impossible for regular users to uninstall it without root access, which voids warranties and poses security risks

Stop parroting the corporate propaganda that put us into this stupid situation in the first place. Having root access on devices you own should be a fundamental right, as otherwise it's not ownership.

ulrikrasmussen · 2 months ago
We need regulation which defines that any hardware device capable of running software developed by a third party different from the hardware manufacturer qualifies as a general purpose computing device, and that any such device is disallowed to put cryptographic or other restrictions on what software the user wants to execute. This pertains to all programmable components on the device, including low-level hardware controllers.

These restrictions extend outside the particular device. It must also be illegal as a commercial entity to enforce security schemes which involve remote attestation of the software stack on the client device such that service providers can refuse to service clients based on failing attestation. Service providers have other means of protecting themselves, taking away users control of their own devices is a heavy handed and unnecessarily draconian approach which ultimately only benefits the ad company that happens to make the software stack since they also benefit from restricting what software users can run. Hypothetically, they might be interested in making it impossible to modify video players to skip ads.

miki123211 · 2 months ago
I agree, but I think three extra conditions would need to be added here.

1. Devices should be allowed to display a different logo at boot time depending on whether the software is manufacturer-approved or not. That way, if somebody sells you a used device with a flashed firmware that steals all your financial data, you have a way to know.

2. Going from approved to unapproved firmware should result in a full device wipe, Chromebook style. Possibly with a three-day cooldown. Those aren't too much of an obstacle for a true tinkerer who knows what they're doing, but they make it harder to social engineer people into installing a firmware of the attackers' choosing.

3. Users should have the ability to opt themselves into cryptographic protection, either on the original or modified firmware, for anti-theft reasons. Otherwise, devices become extremely attractive to steal.

akoboldfrying · 2 months ago
> any such device is disallowed to put cryptographic or other restrictions on what software the user wants to execute

Won't this also forbid virus scanners that quarantine files?

> This pertains to all programmable components on the device, including low-level hardware controllers.

I don't think it's reasonable to expect any manufacturer to uphold a warranty if making unlimited changes to the system is permitted.

Sophira · 2 months ago
While I agree in theory, this is never going to happen. There's too much DRM in use for it to work out.
perching_aix · 2 months ago
Didn't we backslide hard enough at this point that it is now architecturally ensured that there is a security downside to rooting? Prevents verified boot for example, since the attestation is tied to said corporations, and not you.
fc417fc802 · 2 months ago
AFAIK that's true for many vendors but for example Pixels (and IIRC also OnePlus at least a few years ago) you can relock the bootloader with other keys.

The crazy thing is that on all the devices I've had AVB is implemented on top of secureboot. Being able to set your own secureboot keys is bog standard on corporate laptops. The entire situation makes absolutely no sense.

Also for the record I think it's a silly attack vector for the average person to worry about. A normal person does not have secret agents attempting to flash malicious images to his phone while he's in the shower.

franga2000 · 2 months ago
Not having verified boot is not a security downside for most people. Unless your threat model includes the evil maid attack, which it doesn't for the vaaaaaast majority of people, verified boot is just another DRM anti-feature.
torginus · 2 months ago
I don't follow the reasoning behind this - even in a verified boot scenario you can just choose to not load the offending kernel module without compromising security.
Incipient · 2 months ago
I'm pretty sure the recent Switch 2 "license to use the hardware" has entirely killed any notion that you actually own the hardware and are free to do anything with it.

Especially in Africa, where privacy and consumer rights are probably less relevant than the US/EU.

hilbert42 · 2 months ago
"license to use the hardware"…

Well, then it's high time the laws of ownership in just about every country in the world were updated.

As it stands, if I buy something then I own it.

jrflowers · 2 months ago
This is a good point. While there is nothing factually incorrect in the statement “rooting your phone can void your warranty and pose a security risk”, if you imagine factual statements are the same thing as value judgments it becomes very problematic.

Similarly it is pretty messed up when people say stuff like “fire can burn you if you aren’t careful” because so many people rely on fire for food and warmth.

fc417fc802 · 2 months ago
Having your vehicle serviced by someone other than the dealer could void your warranty and poses a safety risk.

Cooking animal products at home poses a health risk. You should be sure to only ever consume animal products prepared by a duly licensed establishment.

The chauffeur's union would like to take this opportunity to remind you that amateurs operating their own motor vehicles risk serious injury and even death.

The FSD alliance would like to point out that hiring a licensed chauffeur also poses a non-negligible risk. Should you choose to make use of a personal vehicle it is strongly recommended that you select one certified by the FSD alliance. Failure to do so could potentially impact your health insurance premium.

franga2000 · 2 months ago
In fact there is a lot factually incorrect.

For starters, in most places, warranty is a legal requirement and the manufacturer isn't allowed to void it for whatever reason they want. If my phone's battery starts getting really hot in normal use, or I start getting dead pixels on my screen or whatever else, the fact I have a custom OS on my phone isn't relevant to the warranty claim any more than having it in a case or putting some stickers on it. Yes, it'll make claiming it more difficult, but that doesn't mean it's void, just that you'll have to fight through a few more tiers of support agents to get it fixed.

More importantly, rooting is only a security risk in the sense that it increases the attack surface for exploits. The same can be said for any other system-level software. Like if you buy an Nvidia graphics card in your computer and that loads its kernel driver, malware now has one more place to exploit. Are Nvidia graphics cards a security risk?

We've come an incredibly long way from just dropping /xbin/su and calling it a day. Modern (as in the last 10 years) root solutions have caller checks based on a user-defined whitelist and really modern implementations use kernel-level checks to make sure the app wanting root access is allowed to get it. The only way this can be dangerous is if one of those apps or the root solution itself has a code execution exploit. But again, the same can be said for the plethora of system-level bloatware vendors install these days.

npteljes · 2 months ago
The current legal reality might be corporate propaganda, but not exclusively corporate propaganda, it's the current legal reality as well. "root access voids warranties" is a fact in many jurisdictions, regardless of how it came to be. Hence, it's not as much parroting propaganda, as in furthering a cause, but just stating it how it is.
menzoic · 2 months ago
How is the security risk propaganda?
msgodel · 2 months ago
If your security model means me having access to my own hardware is a security risk you're malicious and your security model is bad.
flotzam · 2 months ago
It's not (only) propaganda. Rooting disables or bypasses verified boot, allowing exploits to persist across a reboot.
ahoka · 2 months ago
It's the hardware vendor's "think of the children".

ozim · 2 months ago
My grandma should not have root on her phone and a lot of younger people as well.

Making it easy to root phone makes it easy for scammers to ask people to unlock it.

It should not void warranty if you unlock the phone. But security concerns are real. Mobile banking apps refuse to run on rooted phones.

poisonborz · 2 months ago
The same people can be scammed to give passwords, click links, perform any human action, so what's the difference besides giving up yet another freedom?
const_cast · 2 months ago
> My grandma should not have root on her phone and a lot of younger people as well.

I would agree.

> Making it easy to root phone makes it easy for scammers to ask people to unlock it.

I would also agree, so then: don't make it easy.

> Mobile banking apps refuse to run on rooted phones.

... but they do run on my web browser. On a computer using open-source software without even secure boot enabled. So, it seems to me this is a cop-out by said banks. They shouldn't require client-side absolute trust to run, and evidently they actually, practically, today, do not require that. It's simply a choice they made, presumably out of laziness or greed.

smokel · 2 months ago
Even though you seem to have a lot of support on Hacker News, I don't think making root access a fundamental right is preferable.

Historically, computers have not granted you access to everything. Most home computers used to have ROM cartridges, which could not be modified, at least not by an average user. Also, when using unrestricted operating systems, such as MS-DOS, a simple virus could wipe all your hard work.

In our current time, devices are connected to other machines, and the problem of security and privacy has increased dramatically. Unfortunately, we still don't have operating systems that are secure enough to be used by untrained persons. It makes perfect sense to lock down these devices.

I basically see only two ways out:

1. Allow developers exclusive access to development systems, similar to how console development works.

2. Implement a secure operating system.

It will take an extreme amount of effort to do the latter, and it might even be impossible to gradually absorb the mess of interfaces that people and companies expect to work.

So that probably leaves us with the first option. Personally, I would love devices to be locked down more, so that the crazy threats from hackers will be less severe. But I would also love to keep developing software. Having to jump through some hoops is probably unavoidable. The situation could be compared to requiring a driver's license in order to safely drive on the shared infrastructure.

As much as I agree with your sentiment to have freedom, it still seems somewhat overly optimistic to expect this to work in our complex society.

poisonborz · 2 months ago
Why? What is the reason root would be dangerous, if it's not the default? People can be scammed to activate it, but those same people can be scammed to click links and give passwords and personal data. Any action requiring root would need a warning and raise suspicion, or put behind an activation mechanism that's complex enough.

Anything else and you lose freedom, and the whole ethos that enabled the advanced IT landscape of today.

charcircuit · 2 months ago
Root access is an outdated security concept from the previous century. Trying to mandate such a concept is parroting UNIX propaganda. Users can be given control of devices without them having a "root" account.
WarOnPrivacy · 2 months ago
> Users can be given control of devices without them having a "root" account.

Can be given control [by handset manufacturers] is an unfulfilled potential. And it will always be unfulfilled - because otherwise, users could protect themselves from manufacturers/providers foistware.

Given their reality, users root.

Zak · 2 months ago
I agree. I would love to have an "advanced permissions manager" that lets me specify that AccA can write to the /sys devices for the charge controller and AdAway can write to /etc/hosts, but not the reverse.

That doesn't give me any less power than root, but does give those apps less power and limits the potential impact if one gets compromised. I think when most people say the device owner should be able to get root, they mean that the owner, rather than the manufacturer or OS vendor should have the final say in all cases, not that it has to literally work just like root on Unix.
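The per-app, per-path permission model described in the comment above, sketched as an added example (not part of the original thread and not any real permission manager's code). The policy format, the sysfs directory and the `charge_control_limit` file name are assumptions chosen for illustration.

```python
import posixpath

# Constructed policy: each app gets write access only to the paths it needs.
# "prefix" grants everything under a directory, "exact" grants a single file.
POLICY = {
    "AccA": [("prefix", "/sys/class/power_supply/")],   # assumed sysfs location
    "AdAway": [("exact", "/etc/hosts")],
}


def may_write(app, path):
    """Return True only if `app` is explicitly granted write access to `path`."""
    if not path.startswith("/"):
        return False  # relative paths are ambiguous, so fail closed
    # Collapse ".." and "." before matching, otherwise a prefix grant could be
    # walked out of with /sys/class/power_supply/../../../etc/hosts.
    # (This is lexical only; real enforcement must also resolve symlinks.)
    clean = posixpath.normpath(path)
    for kind, target in POLICY.get(app, ()):
        if kind == "exact" and clean == target:
            return True
        if kind == "prefix" and clean.startswith(target):
            return True
    return False  # default deny: unknown apps and unlisted paths get nothing


def writable(app, candidates, blanket_root=False):
    """Paths from `candidates` the app can write, under policy or blanket root."""
    if blanket_root:
        return list(candidates)  # classic root: every path is reachable
    return [p for p in candidates if may_write(app, p)]


if __name__ == "__main__":
    paths = [
        "/sys/class/power_supply/battery/charge_control_limit",  # constructed
        "/etc/hosts",
        "/data/system/users/0/settings.xml",                      # constructed
    ]
    for app in ("AccA", "AdAway"):
        print(app, "scoped:", writable(app, paths))
        print(app, "root:  ", writable(app, paths, blanket_root=True))
```

If one of the two apps is compromised, the scoped policy limits the damage to that app's own paths, whereas blanket root exposes all three.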

mrusme · 2 months ago
How?
realusername · 2 months ago
Well maybe in theory but in practice they don't. How do I restrict or inspect what the Play Store is doing on my device at the moment without root?
throwaway290 · 2 months ago
Stop parroting orthodox agenda without thinking of what it means. If everyone had root access it would be heaven for ransomware/spyware/malware operators.

Having root access is not in the interest OR benefit of most regular users. Rooting your phone is a footgun for 99% of people who install random apps and will get hacked and have their life savings transferred or ransomed.

For them the article does the right thing. For everyone else, like you or me, we will not care what this article says anyway.

That's why what Samsung does is double bad. Not rooting phone is good hygiene if your phone respects you. But if it comes with malware then that's a stab in the back.

callc · 2 months ago
> Having root access is not in the interest OR benefit of most regular users.

What about desktop OSes for the last 40/50 years?

Sure they aren’t the foam-padded locked down phone OSes, but isn’t this fear a case of leaving said padded room?