Phone maker Samsung has apologized for a software update sent to UK customers that Russian government-mandated apps had been downloaded.
It blamed a technical error on the incorrect wording and said no Russian apps had been installed.
A new law in Russia requiring smartphones to offer software from the country went into effect in April.
An expert said that Samsung had not fully explained what went wrong and that customers would be concerned.
Andrew Edmans bought a used Samsung Galaxy Z Fold2 phone from Amazon Marketplace three weeks ago and ran an official Samsung update.
After the installation was completed, he noted the wording, which read: “As part of the implementation of the requirements of the Decree of the Government of the Russian Federation No. 1867 of 18/11/2020, the download of mandatory applications has been added. Some of these apps is installed only if the device is reset to the factory default settings. “
Concerned, he contacted Samsung, who promised a response within 48 hours.
He got nothing and called again four days later.
“Finally, removed a technical remote access to my phone and confirmed the update, stating that he had never seen it before and referred me to customer solutions.”
This was escalated to headquarters, and Edmans was eventually told it was “a notification error”.
Samsung told the BBC: “We can confirm that the wording of the message was incorrect and shared with a limited number of UK customers due to a technical error.
“The upgrade received was UK-specific and no third-party Russian apps are installed on devices or have access to the device itself
“We sincerely apologize for any inconvenience this may cause.”
Edmans said he was “disappointed” with the way Samsung had handled the problem.
“The only thing I know is that as of this morning, my Samsung Fold 2 device still indicates that it has an update from Russia,” he said.
“I suffer from bipolar and anxiety disorders, and this concern about the security of my phone has only exacerbated these issues.”
Prof Alan Woodward, a computer security expert at the University of Surrey, said it was difficult to understand what technical error could have caused such a message by mistake.
But, he added, it provided an insight into how Samsung handled Russian law.
“The good thing about this warning – provided it is intended for you – is that Samsung is transparent in providing you with links to the decree of the Russian Federation imposing such software.”
But privacy expert Pat Walshe said he thought the issue had been poorly handled by Samsung.
“I do not think Samsung handled this issue properly or considered the anxiety and distress it caused Edmans, and the fact that he could not trust the installation.
“How many customers received the message? How did the error occur? How can individuals be assured that no malicious software was installed on their device?”
Russia has tightened its rules on the Internet in recent years, including requiring search engines to delete some results and encouraging messaging services to share encryption keys. ISPs are required to install content-capable networking equipment.
It has also tested a disconnected version of the Internet, which would allow the Kremlin to cut off connections to the World Wide Web if it felt the country was under threat.
The law requiring smartphones, computers and smart TVs sold in the country to have Russian alternatives to their normal software installed came into force in April 2021.
It was designed to help Russian software companies promote their smartphones, although some have raised concerns that the Russian-made software could be used to spy on users.
Samsung agreed to pre-install these apps, but rival Apple did not – instead, it allows users to install the Russian alternatives, which is not mandatory.
Initially, it had refused to comply at all, but after pressure from Moscow agreed to this compromise.