Samsung and Google are working towards bringing Android 17 to millions of phones in the next month. For Pixel owners the update started yesterday, Google announced.
Samsung Galaxy users won’t have to wait too long though, with One UI 9 now in its third beta and the full release expected within the next month as the Korean company races toward stable release.
Both One UI 9 and Android 17 bring a fresh look and new features, but the real upgrade—Gemini Intelligence—won’t land until Samsung Unpacked in July. With it comes some next generation agentic abilities, but also some serious questions about how safe they are to use.
Here’s What’s New in Android 17 On Pixel Phones And Samsung
The Samsung Galaxy S26 Ultra will get Android 17 this summer. (Photo by Joan Cros/NurPhoto via Getty Images)
NurPhoto via Getty Images
Android 17 brings a refreshed design and some new features. Bubbles, for example, lets you turn any app into a floating window that sits on top of whatever else you’re doing, useful for multitasking on larger screens. Screen Reactions lets you record your screen and selfie camera simultaneously, without switching apps.
For foldable users specifically, Android 17 introduces a dedicated foldable gaming mode with a 50/50 split layout. The game view is on top and dynamic gamepad below. Security improvements include temporary location sharing, selective contact sharing, and an enhanced Mark as Lost feature that locks a missing phone with your biometrics so a thief can’t access it even with your passcode.
Samsung Is Moving Quickly To Bring Android 17 To Galaxy Phones
Samsung’s One UI 9, which sits on top of Android 17, released its third beta for the Galaxy S26 series yesterday. According to Samsung tracker Tarun Vats and SamMobile, Beta 3 is now live in the U.K., Germany, India, Poland and South Korea. It’s a stability update, fixing camera preview cropping, lock screen widget errors, S Pen home screen swipe issues, and a bug that caused the phone to reboot during video streaming.
Beta 3 also adds a Quick Panel icon for Summarise Notifications, with a transparency label that tells you explicitly the summaries are AI-generated. Samsung has also started internal One UI 9 testing for the Galaxy A56, according to Tarun Vats. Check out the current list of Galaxy devices receiving the update here.
The Bigger Android 17 Upgrade Is Still Coming
Android 17 is the foundation. The headline feature, Gemini Intelligence, won’t land on Samsung and Pixel phones until the Z Fold 8 and Z Flip 8 launch next month, with the Pixel 11 series following shortly after.
Five features lead the rollout: app automation, Magic Cue (context-aware suggestions), Rambler (voice cleanup), smarter Autofill, and Create My Widget.
The app automation feature is the one I have my eye on because it’s the biggest change we’ve seen to Android in years. Google has fine-tuned multi-step automation for months on the Galaxy S26 and Pixel 10 using food ordering and ride-sharing apps.
The idea is that it will operate independently with minmial user input. For example, Google says Gemini Intelligence can book concert tickets and gym classes, find a student’s syllabus in their email and add relevant books to a shopping cart, or check your Notes app and add items directly to Amazon.
These are essentially agentic tools, which means the AI handles tasks without the user’s continual input. Check out Gemini Intelligence in action below.
It’s not uncommon in 2026, some AI services offer entrepreneurs agents that handle marketing for their business, content creation, responding to emails and so on. Claude can build apps for users through Clade Code and AI browsers like Perplexity’s Comet offer a similar experience to Gemini Intelligence in that it will work on its own to book and buy things.
Agentic AI is obviously incredibly useful, but it comes with some serious security concerns. Namely, something called a prompt injection attack, which cyber security firm Guardio Labs demoed to me working on the Comet browser.
In short, a hidden instruction embedded in a webpage caused the AI browser to autofill saved payment credentials and complete a purchase on a fake online shop (which only took 10 seconds to create with AI), without the user doing anything. The AI followed the attacker’s instructions, not the user’s.
It didn’t work every time. Sometimes Comet sensed the site was dodgy, sometimes it asked the user to complete the purchase manually, but sometimes it went all the way and completed the purchase automatically. Since publishing its report, though, Guardio told me the exact same attack hasn’t worked again. But the fact it did, and so easily, is a serious concern.
Google’s solution to that is several fail-safes. This includes deterministic rules that can’t be overridden by AI reasoning, origin gating that limits which sources can trigger actions, and a bodyguard model where a separate system monitors the agent’s behaviour. Google also says all automation is opt-in and purchases require explicit confirmation. Those are real protections.
But Mark Stockley, a security researcher at Malwarebytes, told me: “any kind of AI…is going to have the capacity to be vulnerable to prompt injection attacks for a long, long time. We’re basically playing catch-up with guardrails all the time.”
OpenAI said something similar last November, describing prompt injection as a “frontier” research problem they expect adversaries to keep exploiting. It’s not a problem the company has solved, rather a problem it is managing. When Gemini Intelligence lands on millions of Pixel and Galaxy phones this summer via Android 17, it will be the most mainstream deployment of agentic AI yet. That’s worth paying attention to.
