An Israeli tech firm has quietly embedded spyware into Samsung smartphones - and it poses a serious surveillance threat
The region is a market where it’s either Samsung, Apple, or any of the known Chinese brands – Huawei, Redmi, OPPO, Vivo, etc. – which sell cheaper than either of them while carrying some premium features, and unfortunately most have to buy those phones due to either FOMO or because some are very cheap. Anyone engaged in more sensitive political positions may have to keep on using dumbphones.
The app’s privacy settings claim that users can disable this data collection by turning off “AppCloud” in the app list.
They don’t just “claim” that - that’s how Android works lol.
So in short the whole article could have just been “disable this app and you don’t have to worry about it”. Doesn’t have as much of a tinfoil ring to it I guess?
Because Israel has shown itself to be trustworthy when it comes to software /s
The original SMEX article is from May, and thecanary does not add any new information.
https://smex.org/open-letter-to-samsung-end-forced-israeli-app-installations-in-the-wana-region/
Did Samsung ever address removing it, or saying the software was useful, instead?
Somebody convince me not to say fuck it and build my own brick of a phone with an rpi5
Mobile telephony support just comes as a module, so that’s actually the easy part.
The harder parts are to make the whole thing consume a low enough amount of power that you can keep it running from a non-monster-sized battery, and I suspect that an RPi 5 board isn’t very good for that (hobbyist development boards tend to not have been designed to avoid wasting power, even when the underlying microcontroller/processors is actually decent at it), and integrating an OS with support for a touch interface, especially if you want to avoid Android.
I mean, it’s not too hard to make a brick sized dumb phone and even have it be a mobile phone powered by AA batteries, but if you want a mobile smartphone, it gets more complex.
Unless you have the time and skills to take up the challenge you would probably be better of getting something like a Volla phone with Ubuntu Touch or a Pine phone.
What if you take the battery from a small laptop? It may still be bigger than a whole smartphone, but comparatively small and with some ten watt-hours.
Even a smallish LiPo battery will give you some time. The question is how little becomes too little.
And on the other size you can always give it more battery: after all the original mobile phones were the size of a briefcase.
Ultimatelly how bad it is to go with a Raspberry Pi depends on how much more it with the software it has consumes than what a custom circuit designed for saving power using software configured for that (for example, not running needless services). Further, how much would, say, the extra power used in an HDMI connection over other more lower level protocols of talking to a display really matter next to the power consumption of the display itself or the GSM module, both of which tend to be big power users?
I know for sure that if you design a custom board with a basic STM32 microprocessor and add a 2G GSM module to it, most of the consumption ends up being the 2G module anyway, so you could probably get away with just using some hobbyist board with it instead of designing your own with just what you need and a proper Voltage Converter. However I haven’t really tried doing a battery powered smartphone with an ARM SBC so I don’t really know for sure.
There are a few projects already in existence that might be more convenient, than an rpi5 like fairphones, and I think the grapheneos team is looking to develop something too.
Yeah, that’s the more realistic option. Though it would cost several hundred dollars more.
Not that I have a better idea, but Graphene os devs I think were found to be scummy by Louis Rossmann at some point.
The lead developer in question seems to have stepped down from the position.
Source? Not arguing, I’m just not informed.
https://youtu.be/Dl1x1Dy-ej4 This is something I could find real quick, I don’t remember exactly what happened but ig you can see for yourself. Cheers
That’s his second channel by the way, not some reposter.
Good luck with that
Social Media Exchange (SMEX), a nonprofit digital human rights organisation focusing on the West Asia/North Africa (WANA) region, has warned people living in these regions that an effective spyware app developed by an Israeli firm is quietly embedded in Samsung smartphones across the region and poses a serious surveillance threat.
The region is quite an important part of the message.
That website is an excellent resource, but they can’t just expect everyone to have money for a pixel, even if privacy is a priority for me and many people, a pixel is just beyond the reach of the large majority of internet users.
Instead they need to make a curated list of less than ideal but still better than stock alternatives, or else people will just give up and get stock android instead.
I used to think like this. However, if someone says, “The most expensive phone I can afford is embedded with unremovable Israeli spyware, and there is no operating system that is open-source and receives regular security patches available for it, and I can’t afford to pay for internet access, so I use the platform that only lets me access Facebook”, I’m not sure that there’s much I can do to help them. If someone said, “Can I use a phone that costs less because it’s subsidized by Facebook while being protected from malware and surveillance?” I’d respond with, “The answer is probably ‘no’”. I’m sure that it’s possible to be in a situation where the only choice is to have no internet access at all or to use the internet in a way that makes one vulnerable to surveillance, and I think it’s likely that getting more money is the most reliable cure for that situation (and it might be true that no other cure exists).
privacyguides.org probably has a target audience of people that are being actively targeted by sophisticated government actors, and displaying information about a measure that is inferior to another measure in every way other than cost would make it more likely that someone would use the inferior measure in an inappropriate situation, and that could cause someone to be in physical danger, so it’s probably best to just not mention any measure unless it might be superior to all other measures in some situation (without considering monetary cost). For people that are subject to less physical danger but more cost restrictions, it’d probably be better to have a separate website. I do think that such a website would probably have less funding available (since privacyguides.org will probably receive funding from the audience that is mostly unencumbered by resource constraints, so any other website will probably receive less funding) and therefore less expertise available, which would be regrettable (since I do have old phones that I’d like to make more secure).
There was a time when there was no formal recommendation for computing hardware from privacyguides.org at all, so having one at all is an improvement compared to the past. It’s unfortunate that there aren’t two options that meet the documented criteria, but having one is better than having none. For now, the best we can hope for is probably a phone model that meets relevant criteria (or where the only unmet criteria could be met due to new software being made available) becoming more popular, such that its price comes down due to having an economy of scale. Hopefully that will be a phone model not influenced by Google.
deleted by creator
Yes, considering the average westerner’s privacy is essentially exploited by Google every single day, telling the privacy-conscious person to just shut up and buy the Google phone without discussing alternatives makes this website read like it’s just another ad on an internet filled with ads.
Your reference to Google makes me think you didn’t absorb all the available information.
It’s interesting how this site hides their direct and clear recommendation to de-Google the Google phone on a completely different page from their recommendation to buy the Google phone, which is much more vague on the matter at best. Maybe it really is an ad after all.
Having one page for each topic and providing a link to a relevant page when it’s useful means that it’s less likely that contradictory or outdated information will be provided. The link to the “android distributions” page is currently quite prominent: https://github.com/privacyguides/privacyguides.org/blame/78726b4c4af8bee974559398c1920ea0f65cd2dc/docs/mobile-phones.md#L37
The “mobile-phones” page is currently quite coupled to Google Pixel phones right now. I would prefer for there to be another type of phone that has been found to be suitable to use, but in the meantime while that is not the case it’s probably better to have a page that explains Google Pixel phones in a great amount of detail and indicates that information about Recommended Android Distributions is important.
Yes that’s all well and good for programming computer code, but that’s not how making arguments through human-readable prose works.
Pixels are also running on poor hardware. This has always been the case, but recent releases are showing really poor cpu performance compared to competitors.
Edit: for example, the OnePlus 13 that was released 8 months before the Pixel 10 Pro is 40%+ faster, and $150-250 cheaper. The battery is also 20% lower capacity.
I don’t know why you’re being downvoted for stating a fact, because Pixel hasn’t had competitive hardware for several iterations now.
pixels are supported for 7 years now, and older second-hand phone is still an option. but agree on privacy being a spectrum and not an absolute.
I have yet to run into spyware that couldn’t easily be uninstalled with a few ADB commands.
That is unless—of course—you consider OneUI/Android itself to be spyware (which it is). Privacy in the modern world is dead. It has been for over 20 years now.
Nah, laptops can be absolutely safe. I recommended TAILS or QubesOS
Tails is amazing and I’m glad we have something like that, but it is not practical for every day use. And to be fair, it’s not meant to be. It literally runs off a flash drive.
Yeah, Qubes with Whonix is a better daily driver
I’ll look into it, thanks.
NP. And Qubes installs with Whonix by default, so all you need to do is install Qubes.
Look into braxtech.io a privacy respecting phone without tracking. Comes with iode’ is who preserves and protects privacy as well.
Hard to take an OS seriously when they don’t even sign their releases
