Cybersecurity researchers have reported the discovery of pre-installed spyware on certain budget-tier Samsung smartphones. The software, identified as part of the device’s firmware, was found to be active upon the initial setup of the phones and could not be removed through standard user actions.

The investigation confirmed that specific models within Samsung’s budget-friendly lines were affected. The primary function of the spyware, according to the research report, involves the collection and transmission of user data to third-party servers. This activity occurs in the background without user consent or notification.

Details of the Firmware-Level Application

The security team’s analysis revealed that the application was embedded as a system-level process. This integration into the core Android operating system firmware is the reason users are unable to uninstall it. Attempts to disable the application through standard settings were also found to be ineffective, as the software would reportedly re-enable itself after a device restart.

Data collected by the software includes user text messages, call logs, contact lists, and precise location data. The researchers documented the transmission of this personally identifiable information (PII) in an unencrypted format, presenting a significant privacy risk for the device owners.

Affected Models and Consumer Advisory

The research specifically names several models in Samsung’s entry-level product range. The report documents that the spyware was present on new devices straight from the factory-sealed packaging. Consumers owning these budget models have been advised by the researchers to be aware of the findings.

The security firm that published the findings stated that the software operates with extensive system permissions granted at the firmware level. These permissions allow it to access nearly all data on the device, bypass user-installed security applications, and operate with persistence.