Updated on October 26 with new reports into release of Google’s Gemini 2.0.
There’s a new divide coming for our smartphones, one that could completely change how we view the iPhone versus Android debate that has built a global duopoly — notwithstanding Huawei’s current push to add a third seat to that table.
Google and Samsung have powered ahead of Apple when it comes to smartphone AI, with the latest Pixel 9 almost AI in a box and Galaxy AI dominating Samsung’s marketing messages and device updates. But there’s a serious security and privacy issue that has not yet garnered the attention it warrants — but it will.
Apple’s answer is to redefine cloud security with the same rock solid assurances it claims for its iPhone. The company is so confident that it is offering up to $1m for anyone proving it wrong, and has now opened up its tech for researchers to try to break it. This will become the next iteration of what happens on your iPhone stays on your iPhone, but adapted for a new era where that is no longer true.
In a new blogpost, Apple heralds the “groundbreaking privacy and security protections” underpinning Apple Intelligence, which — just like its Android equivalents — will run out of on-device juice and will need to push some of the processing to the cloud. Its answer is Private Cloud Compute. This ensures that “personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple,” the company explained, adding, “we believe PCC is the most advanced security architecture ever deployed for cloud AI compute at scale.”
That isn’t to say that Google’s and Samsung’s cloud AI are inherently insecure. But the hybrid model that restricts sensitive processing to device-only is not the same as creating an extension of the device enclave in the cloud, one that relies on Apple’s own silicon on both sides to ensure the integrity of the setup.
Apple promised from the start that it would enable independent verification of its claims on an ongoing basis, and it has now done exactly that. “Today we’re making resources publicly available to invite all security and privacy researchers — or anyone with interest and a technical curiosity — to learn more about PCC and perform their own independent verification of our claims.”
And they’re backing this up financially. “We’re excited to announce that we’re expanding Apple Security Bounty to include PCC, with significant rewards for reports of issues with our security or privacy claims.” Those significant rewards equate to $1 million for “arbitrary code execution with arbitrary entitlements,” and lower level bounties for compromises of user data or requests.
As I said when PCC was first announced, “if this works as billed, it could redefine smartphone AI and erect hurdles for [Apple’s] rivals that could be almost impossible to leap. A closed ecosystem of device and cloud silicon, with an almost end-to-end encrypted philosophy applied to any AI queries or data leaving a user’s device, such that it is quasi-anonymized and enclaved and assured to such an extent that an external researcher could provide third-party accreditation.”
What happens next will be fascinating and will define this new space for years to come. Apple says it believes this “is the most advanced security architecture ever deployed for cloud AI compute at scale,” and that “verifiable transparency [is] a unique property that sets it apart from other server-based AI approaches.”
As I commented before, “Samsung has no answer to this—suddenly its hybrid AI approach seems crude and underwhelming. Apple is offering the best of both worlds, and is willing to promise its users that ‘your data is never stored or made accessible [even] to Apple’ even in the cloud, while offering the best and brightest generative AI that cannot be completed on-device only. PCC, in theory at least, redefines the space.”
Now Samsung needs an answer to PCC. As with its clampdown on sideloading and its deployment of a Knox ecosystem to compete with Apple’s equivalent, this needs the same recognition that the table stakes for security and privacy have expanded hugely in recent years. Just look to Android 15, which is primarily a security and privacy update and which, ironically, Samsung has delayed for Galaxy devices.
Samsung is by far the dominant Android OEM and it now has a chance to respond to PCC. But to do so it needs to determine how much of its device AI will be its own and how much will be Google’s. I fear that Google’s cloud-centric AI philosophy, notwithstanding Gemini Nano, will make this tricky to navigate. Apple meanwhile may buy itself the time it needs to catch up on the AI features themselves.
The challenge for Samsung will take another turn before the end of 2024, with new reports suggesting Google is set to launch Gemini 2.0 in December. “OpenAI is eyeing a December debut for its next flagship AI model,” according to The Verge. “Fittingly, Google is also aiming to release its next major Gemini 2.0 model in the same month.”
With ChatGPT debuting on iPhones before then, which will prompt plenty of articles on iPhone’s ability to otherwise to push prompts to OpenAI without compromising user security versus doing the same into Gemini from Pixels and Samsungs.
Commenting on the latest reports, Android Headlines says that “although we now have a potential Gemini 2.0 announcement and release date, it’s still unclear what new features may be coming along with the version update. Google has also yet to confirm any details about the launch or what the new model will bring to the table.”
And this is the crux. How will Google—and by proxy, Samsung—respond to Apple’s AI deployment with iOS 18.1 and iOS 18.2 by that point.
Samsung’s approach to secure and private AI is more robust than Google’s. “We recognize the importance of privacy which is why we give users full control over what they share and what they keep private,” the company says. “We believe our hybrid approach is the most practical and reliable solution to meet all these needs and puts Samsung ahead of the curve. We are providing users with a balance between the instant responsiveness and extra privacy assurance of on-device AI, and the versatility of cloud-based AI through open collaborations with industry-leading partners in offering a variety of functions they need for daily life.”
But Samsung phones carry Gemini as well. And that means the offerings are not fully under Samsung’s control. And that is the difference the company needs to address as it responds to Apple. This will feature heavily when Gemini 2.0 launches, coming at about the same time as Apple’s most material upgrade to its own iPhone AI with iOS 18.2. An interesting few months ahead, but thus far at least, there’s nothing to suggest an answer to Apple’s PCC is waiting in the wings.
But maybe—just maybe—this won’t be as important as all the hype suggests. At least not yet. CNET has just reported that “a quarter of smartphone owners (25%) don’t find AI features helpful, 45% are reluctant to pay a monthly subscription fee for AI capabilities and 34% have privacy concerns. A little over half (52%) of smartphone owners have no interest in purchasing a foldable phone. [And] the biggest motivation for US adult smartphone owners to upgrade their devices is longer battery life (61%), followed by more storage (46%) and better camera features (38%). Just 18% say their main motivator is AI integrations.”
