Researchers at Trinity College Dublin bought a Samsung phone, went through setup, and unchecked every single data sharing option. Then they watched what the phone actually sent. It sent telemetry anyway — your phone's unique ID, your list of installed apps, analytics data. The researchers' conclusion was blunt: "there is no opt-out." Samsung's opt-out toggle is a placebo. 600 million Galaxy owners have a button that does nothing.
critical
Samsung calls it "Customisation Service" like it's doing you a favour. In reality, it reads your text messages, scans your contacts, logs your call history, checks where your photos were taken, records what music you listen to, and tracks every website you visit in Samsung Internet. It's enabled the moment you create a Samsung account. Even if you find the buried toggle to turn it off, Samsung keeps everything it already collected. You have to separately beg them to delete it through their privacy website. And they don't let you opt out of Health data or calendar collection at all.
critical
Samsung calls Knox "defense-grade security." In 2022, hackers stole 190 gigabytes of Samsung's source code — including the code for TrustZone, the component that handles your fingerprint and face unlock. Six months later, a second breach exposed the personal data of potentially more than half of all US Samsung customers. Then Samsung discovered a UK breach that had been leaking customer data for three years without anyone noticing. Three breaches in two years is not defense-grade anything.
Samsung says they care about your privacy, but their smart home hub shipped with 20 security holes that let hackers unlock your doors, watch your cameras, and control every device in your home. One flaw scored 9.9 out of 10 in severity — nearly the worst possible.
critical
When the SmartThings Hub crashed, it secretly sent a memory dump — which could include your passwords and personal data — to a third-party service called backtrace.io, completely unencrypted. Anyone watching your network could read it. Samsung never told users this was happening.
high
The SmartThings app can make phone calls, read your contact list, and access your phone numbers — none of which are needed to control smart lights or locks. Samsung's privacy policy doesn't explain why your smart home app needs to know who's in your address book.
Samsung says it watches what you view on your TV to give you better recommendations. In reality, the TV takes a screenshot every half second of everything on screen — including content from your gaming console, laptop, or DVD player connected via HDMI — and sends this data to Samsung's advertising servers. Samsung was sued by Texas and paid $46 million in a class action because this data was being sold for advertising, not just used for recommendations.
critical
Samsung told customers their voice data was encrypted when sent from the TV. Security researchers proved this was a lie — voice recordings were sent without encryption, meaning anyone on the same network could listen to what you said near your TV. A privacy watchdog filed a formal complaint with the FTC over this.
critical
Your Samsung TV took a screenshot of what you were watching twice every second. Everything on screen — news, banking apps, video calls, private photos — captured and sent to Samsung. Texas sued. Samsung settled. Then Texas sued Sony, LG, Hisense, and TCL for doing the same thing. Your television watches you more closely than you watch it.
Samsung says your personal data stays on your device, but the earbuds app demands access to your calendar, call history, contacts, and phone numbers. Earbuds don't need to read your call log or calendar to play music. Samsung's own Customisation Service admits it collects this data with no way to opt out.
critical
Samsung frames data collection as improving your experience, but they admit it may count as "selling" your data under privacy laws. They share your information with ad networks, marketing partners, and data brokers. They say biometric data stays on your phone — but the heart rate data from these earbuds goes to Samsung Health's cloud, not just your device.
critical
This app is supposed to manage your earbuds, but it demands permissions to dump your phone's system data, read all system logs, modify secure settings, and control your lock screen. No earbuds app needs these powers. The earbuds also connect to Samsung's advertising and analytics servers, confirming your usage data feeds Samsung's ad business.
Your Samsung fridge has three cameras inside that automatically take photos of your food every time you close the door. These photos are uploaded to Samsung's servers for AI analysis. Most people buying a refrigerator would not expect it to photograph them and their food.
critical
The Samsung Food app that connects to your fridge's cameras contains 9 tracking tools including advertising networks from Facebook, Google, and TikTok's parent company ByteDance. Your food and eating habits may be shared with these advertising companies.
high
The app you need to control your Samsung fridge can record audio, make phone calls, read your contacts, and see every app on your phone. None of these are needed to manage a refrigerator.
Every time you open your fridge, a camera takes a photo. Samsung keeps those photos. They say they blur anything that isn't food, which is nice, but maybe the real question is why your refrigerator is running a surveillance camera trained on a million images in the first place.
critical
You paid $3,000 for a fridge and Samsung turned it into a billboard. The ads rolled out automatically. If you turn off ads, you lose weather and calendar too. Samsung told advertisers they want ads on every screen in your home. Your fridge is just the beginning.
high
Your fridge can tell who's talking. It listens all the time. Samsung's last always-listening product got caught sending voice recordings unencrypted to a third party. But sure, the fridge microphone is fine.
Samsung says you can opt out of tracking and advertising. But your phone has 24 tracking addresses permanently built into its software — including Samsung ad servers, Google analytics, and Facebook connections. These cannot be turned off through normal phone settings. The tracking service that watches which apps you use is turned on by default.
critical
Samsung Members is supposed to be a help and support app. But it asks for 65 permissions including the ability to record your microphone, access your camera, read your contacts, track which apps you use, read system logs, install and delete other apps, and capture your screen. No support app needs these capabilities. It's actually a data collection tool wearing a customer support disguise.
critical
Samsung advertises Knox as making your phone ultra-secure. But their phone was hacked by commercial spyware that could record your microphone and steal your photos — just from receiving an image on WhatsApp. They had to patch 34 security holes in a single month. Knox also lets Samsung remotely lock or wipe your phone — they have a backdoor to a device you own.
Samsung says your SmartTag location is private and protected by rotating IDs that change every 15 minutes. But security researchers found that an attacker can extract a secret key from the tag that lets them decode ALL those rotating IDs — forever. This means someone who gets close to your SmartTag once could track it indefinitely, defeating the privacy protections Samsung advertises.
critical
Samsung says it respects your privacy and gives you control over your data. But buried in the same privacy policy, Samsung admits that sharing your data with business partners "may be considered a sale" under privacy laws — in other words, Samsung is selling your personal information for advertising. They also buy data about you from data brokers. And if you want to delete your data, the process is so complicated that reviewers say you practically need a computer science degree to figure it out.
high
The SmartTag 2 is sold as a simple gadget to find your lost keys. But to use it, you need the SmartThings app which demands access to your microphone, camera, phone contacts, call history, and can track your physical activity and location even when you are not using the app. A key-finder app does not need to make phone calls or record audio — these permissions go far beyond what is needed for finding lost items.
Samsung claims your biometric data stays on your device and is never sent to Samsung. But their health app has permissions to read your heart rate, blood pressure, blood glucose, body fat, and blood oxygen — and also has permissions to sync this data to the internet continuously in the background. If the data truly stayed on your device, the app wouldn't need internet access combined with health data read permissions and data sync capabilities.
critical
Samsung admits in legal language that sharing your data with advertisers may count as "selling" your personal information. Independent reviewers at Mozilla rated the Galaxy Watch as a privacy nightmare. Samsung was also caught and sued by the Texas Attorney General for secretly tracking what people watch on their Samsung TVs. This pattern of hidden data selling extends across all Samsung devices including the Galaxy Watch, which collects far more intimate data than a TV — your heart rate, sleep patterns, body composition, and location 24/7.
high
Samsung says they'll get your consent before collecting health data. But their app is designed to start collecting automatically every time your phone turns on, run continuously in the background, and keep your phone's sensors active at high sampling rates — all without you having to do anything. It also checks what other apps you have installed, which has nothing to do with health tracking.
Samsung says they only collect your health data when you actively use their health features. But the Samsung Health app has permission to read your body sensors and track your location in the background — meaning it can monitor your heart rate, blood oxygen, and where you are around the clock, even when you're not using the app.
critical
Samsung was just caught by the Texas Attorney General secretly collecting TV viewing data every half-second and selling it to Google and Twitter without properly informing customers. They used the same trick with their TV that they use with the Galaxy Ring — bury the real privacy implications behind a single "agree" button, where understanding what you're actually agreeing to would require reading 200+ screens of fine print.
critical
Samsung describes its Customisation Service as helping you discover products you might like. In reality, it tracks your web browsing, analyses your text messages to figure out who your closest friends are, logs where and when you take photos, and monitors your precise location. The Galaxy Ring feeds your most intimate health data — heart rate, sleep quality, stress, menstrual cycles — into this same system, which Samsung uses to build advertising profiles and show you targeted ads.
Samsung sells you an $800 tablet and shows you ads in the weather app, payment app, and game launcher. The operating system itself is an advertising platform — and they call this "prioritizing your privacy."
critical
Samsung calls it "customization" but it reads your texts, analyzes who you call most, scans your calendar, and tracks every website you visit — all to show you ads. This is on by default on a device you paid full price for.
high
Knox is marketed as your security guardian, but it is also a telemetry pipeline collecting device IDs and app lists, sharing analytics with Google. The lock on your front door is also a camera pointed at you.
You never downloaded Samsung Health. It came on your phone. It's counting your steps right now. On a billion Galaxy phones worldwide, Samsung is passively collecting health data from people who never asked for a fitness app. Your step count, your activity level, your sleep patterns — collected by default, shareable with partners, integrated with Samsung's ad platform.
high
Samsung's "Customisation Service" is an ad targeting system enabled by default on your phone. Your Samsung Health data — how active you are, how well you sleep — feeds into the same profile used to serve you ads. The Italian DPA fined Samsung €2 million for deceptive consent. Your health data and your ad profile share a database. Samsung calls it customisation.