Samsung’s upcoming One UI 9.0 update will feature automated, AI-driven blocking of phishing applications before they can be installed on a device. The software update, scheduled for release in the second half of 2026, aims to counter the rise of generative AI-powered cyberattacks. According to company data, Samsung systems have blocked approximately 400 million malicious messages since September 2024.
How does AI-driven app blocking work?
One UI 9.0 will autonomously identify and neutralize phishing applications at two critical stages: during the initial installation process and when the app attempts to execute code. This shift moves beyond traditional signature-based detection, which often relies on known malware lists. By leveraging real-time analysis, the system identifies behavioral patterns associated with fraudulent software. Samsung developed these capabilities in collaboration with the Korea Internet & Security Agency (KISA), the National Forensic Service, and international law enforcement agencies to refine detection accuracy.
Samsung already utilizes AI for real-time call screening on devices running One UI 8.0 or newer. This system scans incoming voice calls to flag potential phishing attempts before a user even answers.
What is the current scale of the phishing threat?
The urgency behind these security updates stems from a surge in “Phishing-as-a-Service” (PaaS) operations. In June 2026, Google filed a civil lawsuit against a China-based network identified as “Outsider Enterprise.” Court documents reveal this group operated a subscription model, charging users approximately 80 euros weekly or 180 euros monthly for access to AI tools that generate fraudulent websites and messages. Investigative data suggests the group sent 2.5 million malicious messages in just two weeks in May 2026. The FBI launched “Operation Ghost Hook” to seize the network’s domains, estimating that the group caused 1.8 billion euros in damages since mid-2023.
What is included in the June 2026 security update?
Samsung began rolling out a massive security patch on June 15, 2026, for the Galaxy S25, S26, and various foldable models across Europe, India, and the United States. This update addresses 44 distinct vulnerabilities within the Android and One UI ecosystem. For devices equipped with Exynos processors, the update includes an additional patch for a hardware-specific security flaw. Beyond security, the update introduces AI-powered notification highlights and file-summarization tools for PDFs and voice recordings in the “My Files” app.
Always ensure your device is running the latest firmware version. You can check for pending updates by navigating to Settings > Software Update > Download and Install.
Frequently Asked Questions
Will these phishing protections work on older Galaxy models?
The automated, pre-installation blocking feature is specific to the upcoming One UI 9.0 update. While older devices receive security patches, the advanced AI-driven proactive defense is tied to the new software architecture arriving in late 2026.
What should I do if I suspect a phishing app is already on my phone?
If you suspect an app is malicious, navigate to your device settings, locate the App Manager, and uninstall the suspicious program immediately. Report the application to the Google Play Store and consider running a full system scan using your device’s built-in security features.
Are these AI tools only available for the S-series?
The June 2026 update covers a broad range of devices, including the Galaxy Z Fold 7, Z Flip 7, the new TriFold model, and the Galaxy Watch 7 and 8 series. Some AI-specific features, however, are currently limited to the Galaxy S25 series in select regions.
Have you encountered suspicious messages or apps recently? Share your experiences in the comments below or subscribe to our newsletter for the latest updates on mobile security and digital safety.
