Perplexity is now baked into Samsung’s Galaxy S26 at the operating system level, and it didn’t ask for your permission first.
Perplexity announced the partnership by boasting that the company has “OS-level access to 100M+ Samsung S26s.” That framing, chosen by Perplexity itself, tells you something. We’re not talking about a downloadable app you can ignore. Perplexity’s Sonar API connects directly to Notes, Calendar, Gallery, Clock, and Reminders.
A dedicated “Hey Plex” wake word summons a standalone assistant. Bixby can now routes its search queries through Perplexity’s cloud. Perplexity APIs will also power Samsung’s browser. It’s Perplexity all the way down.
This is the first time Samsung has handed OS-level access to a company that isn’t Samsung or Google.
Reclaim Your Digital Freedom.
Get unfiltered coverage of surveillance, censorship, and the technology threatening your civil liberties.
John Scott-Railton, a senior researcher at Citizen Lab, spotted the problem immediately. Perplexity’s announcement contained “zero mention” of privacy, security, or encryption. The integration, he explained, “breaks” Android’s “baseline sandbox model.”
Android’s security architecture keeps third-party apps isolated from each other. For example, TikTok can’t read your private notes because sandboxing prevents it. Perplexity now sits outside that model, “making a kernel-adjacent data bridge for Perplexity into your personal stuff.”
Scott-Railton also flagged that the risk of “prompt injection & other attacks against an agentic AI that has OS-level access to personal stuff is also real.” An AI agent with deep system access isn’t just a privacy problem. It’s an attack surface.
The architecture makes the data exposure worse than it looks on paper. The Galaxy S26 routes your queries between three separate companies: Samsung, Perplexity, and Google Gemini, depending on which wake word you used, what you asked, and what context the system inferred.
Sooraj Sathyanarayanan, a security and privacy researcher, mapped out what that actually means for your data: “three separate cloud pipelines, three separate retention policies, three separate training practices.” One question to your phone, three corporate data regimes absorbing the answer.
Samsung points to its “Process Data Only on Device” toggle as a privacy safeguard. Sathyanarayanan is direct about what that toggle actually does: “The moment Bixby or Plex needs the web, your local data context goes to the cloud.”
Perplexity’s entire value proposition is real-time web retrieval. The toggle evaporates the moment the AI does anything useful. “The toggle is theater,” Sathyanarayanan wrote. What Samsung has actually shipped is, in his description, “a multi-party data harvesting pipeline with system-level permissions.”
None of this is arriving without a paper trail of warnings. Singapore-based mobile security firm Appknox audited Perplexity’s Android app in April 2025 and found ten significant vulnerabilities. The list included hardcoded API keys embedded directly in the app’s code, which any attacker who decompiles the app can extract and use to access Perplexity’s backend services.
The app lacked SSL certificate pinning, leaving it open to interception attacks. It had no bytecode obfuscation, making its code trivially easy to reverse-engineer. It was also vulnerable to StrandHogg, a known Android flaw that lets attackers overlay fake interfaces on top of legitimate ones to steal credentials.
Appknox CEO Subho Halder described the findings plainly: “Our testing highlights critical vulnerabilities in Perplexity AI that expose users to a variety of risks, including data theft, reverse engineering, and exploitation.” He called on Perplexity to address the issues “swiftly.” That was ten months ago. Those vulnerabilities appear to remain unaddressed.
Samsung has now elevated that same app to kernel-adjacent OS access on its flagship device. The company framing this as a privacy story, complete with a hardware-level privacy display on the S26 Ultra to block shoulder-surfers, handed the keys to your notes and photo library to a company whose Android app has documented, unpatched security flaws. Samsung calls the overall experience “seamless.” The technical documentation says something different.
The Perplexity-Samsung situation is the clearest expression yet of a pattern accelerating across the entire tech industry: AI capabilities are being pushed deeper into devices, operating systems, and everyday software, and the privacy architecture was never designed to handle it.
