Samsung is preparing a major upgrade to how Galaxy devices handle phishing-related app risks in One UI 9. The new system is designed to go beyond blocking harmful apps at install time and can also stop already installed apps from running once they are identified as threats.
That shift closes an important gap for Galaxy users. If a risky app slips through before it is detected, Samsung wants to make sure it still cannot be used afterward.
A stronger layer after installation
Samsung says the enhanced feature will arrive through an upgraded version of Phishing App Risk Alert. The older protection focused mainly on preventing phishing apps from being installed in the first place.
With the new approach, an app that is already on the device can be blocked from running if it is later recognized as malicious. That matters because threats are not always identified at the moment of installation.
Samsung has already offered phishing app protection on Galaxy devices running One UI 6.1 and later. That protection was built to stop apps that steal personal information, financial credentials, and other sensitive data.
In that system, Samsung works with the National Police Agency, which provides information about apps linked to fraud.
How the upgraded system works
Under the improved version, the system checks Galaxy Store reputation data when a user installs an app. The check is used to identify apps that may fall into the phishing category.
If a harmful app is detected, it is blocked immediately so it cannot run. Protection therefore does not end at installation and continues into app execution.
Samsung is also adding alerts tied to specific scam patterns. Users will be warned about apps installed shortly after a suspected voice phishing call or through remote access.
If a user tries to open such an app, the system will recommend removing it. That design shows Samsung is not relying only on threat lists, but also on the context in which an app was installed.
Why the feature matters
Phishing apps are dangerous because they often disguise themselves as ordinary services. Once opened, they can be used to steal personal data or financial information.
The risk grows when an app is installed through social engineering, including after a scam call or when an attacker gains remote access to a victim’s device. In those situations, users may not realize that the app they installed has become a doorway for crime.
That is why the ability to block an app that is already installed is a crucial extra layer of defense. It gives the system a second chance to intervene even if the threat is only recognized after the app has entered the device.
Rollout timing for One UI 9
Samsung says the upgraded Phishing App Risk Alert system will ship with One UI 9 on new smartphones in the second half of 2026. That suggests the next generation of Galaxy foldables could be the first devices to get it.
The Galaxy foldables expected to launch on July 22 are seen as the most likely early recipients of the new security system. After that, the same feature could reach other eligible Galaxy devices through a One UI 9 update.
The move places security among the key priorities in Samsung’s next interface update. Rather than focusing only on visual changes or convenience features, Samsung is strengthening direct protection against digital scam tactics that continue to evolve.
For Galaxy users, the change means the security system will act more aggressively when it detects suspicious apps that are already on the device. In practice, that could serve as the last barrier before a malicious app is launched and reaches sensitive data.