February 25, 2025

A flaw in Samsung’s Secure Folder lets anyone see what apps and photos you have – Android Authority

Published on February 24, 2025

If you own a Samsung device and want to keep some files, images, videos, or apps hidden from other people, then you’ll want to use Samsung’s Secure Folder feature. The feature creates a new profile with its own storage space and screen lock, keeping your sensitive apps and files private. Or so we thought until a flaw was discovered in Samsung’s Secure Folder that lets anyone see which apps and photos you have.

Reddit user lawyerz88 recently discovered a method to access photos and videos saved in the Secure Folder. Normally, if you launch an app that asks you to insert a photo or video using the Android photo picker, Android will block access to items stored in the Secure Folder, even if it’s unlocked. However, this is only the case if you try to access Secure Folder items from a “personal” app, i.e., an app running in the main profile. If you try to access Secure Folder items from a “work” app, though, then Android doesn’t block access.

We were able to replicate this flaw in One UI 7 by manually creating a work profile using the Shelter app. Apps like Shelter can create a work profile on any device, which means that so long as someone has physical access to your Samsung device, they can install the Shelter app to see what photos and videos are saved in the Secure Folder. If you already have a work profile enabled through your employer, it’s possible this loophole won’t function if they configured it such that work files aren’t accessible at all. However, we haven’t been able to verify whether certain employer-configured work profiles actually prevent this access.

On the bright side, this flaw doesn’t extend to getting broad access to all files stored in the Secure Folder. In our testing, we noticed that the Android system file picker blocks access to Secure Folder files even if the file picker is accessed through a “work” app. This means that only photos and videos are at risk of being accessed outside the Secure Folder.

One way to ensure that photos and videos can’t be accessed outside the Secure Folder is to encrypt it. The Secure Folder isn’t encrypted by default, but you can encrypt it by tapping the menu inside of it and then selecting the “encrypt” option. Doing so pauses the Secure Folder so its files can’t be accessed through the photo picker.

Android Authority also discovered a separate flaw in Secure Folder, one that lets anyone see what apps are part of it. To see this, go to Settings > Security and privacy > More privacy settings > Permission Manager. Then, select one of the permissions in the list. You may find apps from the Secure Folder listed there.

Commonly requested permissions, such as location, tend to list more Secure Folder apps. This is the case even when the Secure Folder is encrypted, meaning there’s no way to prevent Secure Folder apps from appearing in the permission manager.

Notably, the notification permission is one of the few permissions that doesn’t leak any information about what apps are in the Secure Folder. This is because the notification permission page is handled by Samsung Settings instead of the Android Permission Controller app. This distinction is important because it ties into why this flaw exists in the first place.

The cause of this flaw traces back to how Samsung constructed the Secure Folder. The user type that the Samsung Secure Folder belongs to is android.os.usertype.profile.MANAGED. According to Android’s source code, this is the user type “representing a managed profile, which is a profile that is to be managed by a Device Policy Controller (DPC). The intended purpose is for work profiles, which are managed by a corporate entity.” In other words, the Secure Folder uses the same user type as an actual Work profile.

As a result, the Android photo picker and Permission Controller apps treat the Secure Folder profile as a work profile, since, internally, it functions as one. The photo picker and Permission Controller are part of Project Mainline modules, which means they’re made by Google, not Samsung. Thus, Samsung has no control over the behavior of the photo picker and Permission Controller and subsequently can’t hide Secure Folder apps from them. The company does have control over its own Settings app, though, which is why the notifications permission page in One UI — which is part of Samsung’s Settings app — hides Secure Folder apps.

It’s worth noting that this flaw doesn’t exist with Google’s version of Secure Folder, i.e., Android 15’s Private Space. This is because Google created an entirely new user type for Private Space, android.os.usertype.profile.PRIVATE, which is treated differently by the photo picker and Permission Controller apps. Android recognizes when the private profile is locked and subsequently hides it from the photo picker, Permission Controller, and other system surfaces.

In theory, Samsung could thus fix this issue by changing what user type the Secure Folder uses under the hood. However, it probably isn’t that simple, and I’m not even sure it’s possible to migrate the user type without resetting it.

We reached out to our contacts at Samsung to see if the company is aware of this flaw and if it has any plans to address it. We will update this article if we hear back.
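The user-type distinction above is something you can confirm on your own device. The following shell example is added here and is not part of the original article: it parses the `Type:` lines of `adb shell dumpsys user` output and lists the profiles that carry the work-profile type (`android.os.usertype.profile.MANAGED`). The sample dump embedded below is constructed to mimic that format; its user ids, names and flag values are placeholders.

```shell
#!/bin/sh
# Added example: list Android user profiles by user type from `dumpsys user` output.
# On a real device: adb shell dumpsys user | sh this_script.sh
# SAMPLE is constructed to mimic the dump format; ids, names and flags are placeholders.
SAMPLE='Users:
  UserInfo{0:Owner:c13} serialNo=0 isPrimary=true
    Type: android.os.usertype.full.SYSTEM
    State: RUNNING_UNLOCKED
  UserInfo{150:Secure Folder:1030} serialNo=150 isPrimary=false parentId=0
    Type: android.os.usertype.profile.MANAGED
    State: RUNNING_UNLOCKED
  UserInfo{151:Private space:4030} serialNo=151 isPrimary=false parentId=0
    Type: android.os.usertype.profile.PRIVATE
    State: RUNNING_LOCKED'

# profile_types: read a dump on stdin, print one "<id>|<name>|<type>" line per user.
# The UserInfo{id:name:flags} header gives id and name; the Type: line that follows gives the type.
profile_types() {
  awk '
    /UserInfo[{]/ {
      s = $0; sub(/.*UserInfo[{]/, "", s); sub(/[}].*/, "", s)
      n = split(s, f, ":"); id = f[1]; name = f[2]
      # a display name may itself contain ":"; rejoin every field except id and trailing flags
      for (i = 3; i < n; i++) name = name ":" f[i]
    }
    /Type:/ { print id "|" name "|" $2 }
  '
}

# managed_profiles: only the profiles whose type is the work-profile type, which is the
# type the Mainline photo picker and Permission Controller treat as a work profile.
managed_profiles() {
  profile_types | grep '|android.os.usertype.profile.MANAGED$'
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE" | managed_profiles
```

If the Secure Folder profile appears in this list, it is subject to the work-profile handling described above; a Private Space profile would show the PRIVATE type instead.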

Source: https://www.androidauthority.com/samsung-secure-folder-flaw-3528891/
