Samsung’s exciting new flagship launch is just a few weeks away, and promises an Android upgrade that’s the closest we’ve seen yet to iPhone, at least from a security and privacy perspective. Android 15 which hit Pixels late last year has already raised the bar, but Samsung will take this further when its One UI 7 is released alongside the S25.
While AI will inevitably steal most headlines, Android 15 brings a raft of protections but also more restrictions than we’ve seen before, with a ramp-up in the long-delayed crackdown on sideloading and new Play Protect updates that expand its reach and its remit. Samsung adds Safe Install and an expanded Knox Matrix ecosystem, both of which narrow the gap to iPhone in key areas where Apple’s locked-down ecosystem has long been the safer choice.
But it’s on AI that iPhone’s best defense against Samsung’s new flagship can be found. Putting aside that Galaxy AI and Android’s Gemini offerings outdo what Apple Intelligence brings users today, there remains a clear dividing line between on- and off-device AI processing. And when it comes to $1000 to $2000 flagships, Apple’s hybrid AI architecture provides a safer, more secure alternative to Galaxy. This may not weigh in on your buying decision today, but we’re at the very start of a journey where AI will level the playing fields of the past, and this security will become increasingly critical.
Samsung says that One UI 7’s pre-release beta showcases “the future of mobile AI… boasting powerful AI features, simplified controls and a preview of scalable AI ecosystems of the future.” Samsung has also said it is “applying hybrid AI to efficiently implement the AI experience. Hybrid AI is a technology that uses on-device AI and cloud AI together to provide a balanced speed and safety. If you use on-device AI, which has the advantages of fast response speed and strong privacy protection in the device, and cloud AI, which provides various functions based on vast data and high-performance computing, you can provide the optimal AI experience in various environments and conditions. Typically, Galaxy AI, which is the first in the world to be applied to mobile devices, is implemented to utilize on-device AI and cloud AI environments separately or both at the same time according to the technical requirements of each function.”
But Apple warns that “secure and private AI processing in the cloud poses a formidable new challenge. Powerful AI hardware in the data center can fulfill a user’s request with large, complex machine learning models — but it requires unencrypted access to the user’s request and accompanying personal data. That precludes the use of end-to-end encryption, so cloud AI applications have to date employed traditional approaches to cloud security.”
Apple has highlighted two challenges in particular that appear to be directed at hybrid AI type ecosystems. First, that the kinds of “security and privacy guarantees” found in privacy policies and marketing literature “are difficult to verify and enforce… If a cloud AI service states that it does not log certain user data, there is generally no way for security researchers to verify this promise — and often no way for the service provider to durably enforce it.” And second, that in realtime “cloud AI services are opaque: providers do not typically specify details of the software stack they are using to run their services, and those details are often considered proprietary.” In other words, how sure can you really be?
Apple has tackled this differently. Private Cloud Compute (PCC) is designed to ensure that “personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. Apple says “we believe PCC is the most advanced security architecture ever deployed for cloud AI compute at scale.” None of which means hybrid AI isn’t secure, just that it is not the same as extending the secure enclave from a phone to a public cloud service. And Apple has made all this verifiable by security researchers, to underline it point.
When PCC was first touted, I commented that “if this works as billed, it could redefine smartphone AI and erect hurdles for [Apple’s] rivals that could be almost impossible to leap. A closed ecosystem of device and cloud silicon, with an almost end-to-end encrypted philosophy applied to any AI queries or data leaving a user’s device, such that it is quasi-anonymized and enclaved and assured to such an extent that an external researcher could provide third-party accreditation.”
Apple also explains that PCC uses personal user data “exclusively for the purpose of fulfilling the user’s request. This data must never be available to anyone other than the user, not even to Apple staff, not even during active processing. And this data must not be retained, including via logging or for debugging, after the response is returned to the user. In other words, we want a strong form of stateless data processing where personal data leaves no trace in the PCC system.”
As we await the new smartphone benchmarks we expect with the Galaxy S25 launch, some of that will come into sharper focus. I don’t expect this to have an immediate impact. But I do expect that when Android and iPhone AI settles into something more akin to a usual rhythm, this end-to-end security factor will play a major role. Users are not yet thinking much about this because most AI use cases are still playful and trivial. But that will change. When AI starts transacting and monitoring on your behalf, when — as one Samsung exec foretells — “an AI secretary [will] brief today’s schedule [when I wake-up] and handle what I want with a natural conversation as if talking to a person is typical,” that will change.
Apple has built an empire by offering more secure, more locked-down, and so more restricted versions of what’s available elsewhere. The question now is whether this best defense against attackers, invasions of privacy and data leaks is also the best defense against Samsung’s better-than-iPhone growth. And will it be enough to help steer those flagship buyers who tend to be amongst the more security and privacy minded users towards its iPhones.
