AI is both a friend and foe to the future of smartphone security

AI is becoming both a threat and a tool in smartphone security. As phishing attacks grow more sophisticated, vendors are increasing their focus on on-device AI protections. This blog explores what that means for the future of smartphone security.

AI-generated phishing attacks pose a big threat to consumers and businesses if device vendors don’t fight back with more sophisticated on-device natural language checks and deepfake detectors.

According to the latest findings in Omdia’s Mobile Device Security Scorecard, phishing attacks continue to be the most common smartphone security threat to consumers. Yet, hands-on testing of the latest devices, including the iPhone 17 Pro Max, showed that no device could detect and stop the kinds of sophisticated, hand-made phishing attempts which AI will make more common. 

27% of consumers reported experiencing phishing scams in the past year - according to the Omdia Mobile Device Security Survey conducted in October 2025 - making it the most common type of security incident on smartphones. The survey also showed that phishing attacks are most common in English-speaking countries, with the United States leading with 40% of respondents experiencing phishing attacks, followed by the United Kingdom (36%), Ireland (35%), Canada (32%), and Australia (30%). Singapore, where English is one of the official languages, also reported a high rate of 26%. This trend suggests that scammers prioritise targeting English-speakers, likely due to the language's global prevalence, with a particular focus on high-income consumers in mature markets.

The threat that AI poses to smartphone security

As more advanced AI and larger LLM models become more accessible and affordable, scammers will have more tools in their belt. They can craft more sophisticated scam campaigns quicker than ever before, and can even tailor it to each target with a greater understanding of more believable language and formatting - within Omdia’s framework for AI and cybersecurity this is categorized as “Cybersecurity against AI”.

How will AI help secure your smartphone

In response to growing AI-powered cybersecurity threats, many emerging cybersecurity technologies in the smartphone space are also AI-driven. Google recently launched on-device scam protection using natural language checks, detecting more sophisticated scam messages and even voice calls in real time. This falls under Omdia's categorization of "Cybersecurity with AI" and "Cybersecurity by AI," with generative AI (GenAI) falling into the first category and agentic AI into the second.

Despite Omdia’s testing revealing that the most sophisticated and novel scam messages still managed to fall through the cracks, AI-based security technology remains valuable in this space - and is only expected to improve with time. This will be vital as attacks will also in turn only get more sophisticated with improved AI.

Currently, Google’s Scam Detection in Messages is available in 27 countries in English, Spanish, Portuguese, German, French and Arabic. Scam Detection for Phone by Google remains Pixel exclusive (expanding to multi-country support) and need to be actively enabled by the user in the Google Phone app due to it needing privacy permissions in order to run in the background of their calls.

Consumer pushback and scepticism remain a challenge

However, consumer attitudes towards AI features in smartphones is overall not positive, with Omdia’s survey data showing it consistently ranked the least important consideration when deciding which smartphone to purchase.  It had the lowest number of people rating it as critical or important (16% and 31%, respectively) in the survey, and the highest share of respondents (11%) rated it as not important to their purchase at all.

Figure 2: Smartphone feature purchase prioritization

AI attitudes vary by region, however, with markets like France (20%) and the US (18%) being the most skeptical and rating AI features as "not important" more than other markets do. Conversely, countries like India (1%) and Spain (7%) show less scepticism around AI features and even greater enthusiasm, with 25% of Indian respondents rating AI as critical to their purchase decision.

Figure 3: Consumer importance ranking of AI features by country

This suggests that awareness and enthusiasm for AI features is generally low - particularly in the nations that also record the highest rates of phishing attacks. While vendors develop more advanced AI security features, if they require consumers to actively enable them and accept that on-device AI will need to process their personal information, including emails, messages and calls, the true obstacle to overcome will be consumer scepticism towards trusting AI to protect them.

Many consumers not updating their devices with the latest protections

The survey also sheds light on consumer behavior regarding smartphone software updates. Interestingly, while 38% of respondents update their devices immediately when new software is available, and 31% do so within a week, this is a decline of 9% from the previous year. Alarmingly, 14% take longer than a month, 6% wait six months, and 2% never update their devices – meaning more consumers are waiting longer to update their devices, leaving them vulnerable to emerging threats. 

Omdia’s survey suggests consumers may even be intentionally avoiding updates due to concerns about performance decline, battery drain or bugs following updates - with all of these features ranking higher than robust security features when buying a new device (figure 2). 

Figure 4: Consumer smartphone security update frequency

The truth is, whether consumers like it or not, scammers will be using AI to target them. To best protect themselves, they need to ensure that they are updating their devices, following personal data protection best practice (which will include giving new AI security features permission to access and read their personal information). Vendors in turn need to reassure consumers that on-device AI can not only be secure but also make their devices more secure.

As attacks become more sophisticated, consumer awareness is on the rise

It’s not all doom and gloom. One positive outcome of Omdia’s research is the indication that regulatory changes have raised awareness and empowered consumers. This year, we found that security updates were rated the most important security feature on smartphones. Just last year, there were still devices with no published security update end-date. However, this has since become a requirement under a number of security regulations (including the PSTI Act in the UK) and it seems consumers are now expecting this - and rightfully so. 

Consumers also have high confidence in their smartphone’s level of security, with 33% believing their smartphone is “very effective” at providing security updates. 

Those that lead smartphone AI will lead smartphone security

Omdia’s Mobile Device Security Scorecard 2025 report ranks flagship devices from six major smartphone manufacturers based on their security features. Google’s Pixel 10 Pro emerged as the industry leader, scoring the highest marks in most categories, including security updates, network security, and anti-malware protection. Samsung’s Galaxy S25 followed closely, while Apple’s iPhone 17 Pro Max showed room for improvement in areas like anti-scam and phishing protection.

Despite advancements in device security, no smartphone tested scored full marks in anti-phishing protection. Custom phishing payloads from unknown senders remain undetected across all devices, highlighting the need for more sophisticated defences.

As phishing scams continue to be the leading security threat affecting smartphone users, the findings from the Omdia Mobile Device Security Consumer Survey 2025 emphasize the importance of proactive security measures. AI security might not be the answer to the most sophisticated and personal phishing attacks right now, but continued focus from smartphone manufacturers in developing on-device natural language and deepfake checks will be vital as these attackers start to use more AI to make phishing attacks more natural, personal and convincing.

Regulation has played an important role in pushing just how important software and security updates are to consumers, however users must prioritize timely updates and remain vigilant against phishing attempts, while manufacturers and regulators must work together to enhance device security, build consumer trust and address misconceptions around reduced performance and battery and bugs following updates.