A Flaw In Samsung’s Secure Folder Lets Anyone See What Apps And Photos You Have


Mishaal Rahman / Android Authority

TL;DR

  • A flaw has been discovered in Samsung’s Secure Folder feature, which allows anyone to view the apps and photos stored in it.
  • This is possible because Samsung’s Secure Folder is set up like a Work profile.
  • As a result, the Android Settings and Permission Controller apps treat it like one and let you see which apps and photos are in the Secure Folder, even when it’s locked.

If you own a Samsung device and want to keep some files, images, videos, or apps hidden from other people, then you’ll want to use Samsung’s Secure Folder feature. The feature creates a new profile with its own storage space and screen lock, keeping your sensitive apps and files private. Or so we thought until a flaw was discovered in Samsung’s Secure Folder that lets anyone see which apps and photos you have.


Exfiltrating photos and videos from the Secure Folder

Reddit user lawyerz88 recently discovered a method to access photos and videos saved in the Secure Folder. Normally, if you launch an app that asks you to insert a photo or video using the Android photo picker, Android will block access to items stored in the Secure Folder, even if it’s unlocked. However, this is only the case if you try to access Secure Folder items from a “personal” app, i.e., an app running in the main profile. If you try to access Secure Folder items from a “work” app, though, then Android doesn’t block access.


We were able to replicate this flaw in One UI 7 by manually creating a work profile using the Shelter app. Apps like Shelter can create a work profile on any device, which means that so long as someone has physical access to your Samsung device, they can install the Shelter app to see what photos and videos are saved in the Secure Folder. If you already have a work profile enabled through your employer, it’s possible this loophole won’t function if they configured it such that work files aren’t accessible at all. However, we haven’t been able to verify whether certain employer-configured work profiles actually prevent this access.

On the bright side, this flaw doesn’t extend to getting broad access to all files stored in the Secure Folder. In our testing, we noticed that the Android system file picker blocks access to Secure Folder files even if the file picker is accessed through a “work” app. This means that only photos and videos are at risk of being accessed outside the Secure Folder.

One way to ensure that photos and videos can’t be accessed outside the Secure Folder is to encrypt it. The Secure Folder isn’t encrypted by default, but you can encrypt it by tapping the menu inside of it and then selecting the “encrypt” option. Doing so pauses the Secure Folder so its files can’t be accessed through the photo picker.


Determining what apps are installed in the Secure Folder

Android Authority also discovered a separate flaw in Secure Folder, one that lets anyone see what apps are part of it. To see this, go to Settings > Security and privacy > More privacy settings > Permission Manager. Then, select one of the permissions in the list. You may find apps from the Secure Folder listed there.

Commonly requested permissions, such as location, tend to list more Secure Folder apps. This is the case even when the Secure Folder is encrypted, meaning there’s no way to prevent Secure Folder apps from appearing in the permission manager.

Notably, the notification permission is one of the few permissions that doesn’t leak any information about what apps are in the Secure Folder. This is because the notification permission page is handled by Samsung Settings instead of the Android Permission Controller app. This distinction is important because it ties into why this flaw exists in the first place.

Why are apps and photos in Samsung’s Secure Folder visible outside of it?

The cause of this flaw traces back to how Samsung constructed the Secure Folder. The user type that the Samsung Secure Folder belongs to is android.os.usertype.profile.MANAGED. According to Android’s source code, this is the user type “representing a managed profile, which is a profile that is to be managed by a Device Policy Controller (DPC). The intended purpose is for work profiles, which are managed by a corporate entity.” In other words, the Secure Folder uses the same user type as an actual Work profile.

Samsung Secure Folder and Work Profile Users


As a result, the Android photo picker and Permission Controller apps treat the Secure Folder profile as a work profile, since, internally, it functions as one. The photo picker and Permission Controller are Project Mainline modules, which means they’re made by Google, not Samsung. Samsung therefore has no control over the behavior of the photo picker and Permission Controller and can’t hide Secure Folder apps from them. The company does have control over its own Settings app, though, which is why the notifications permission page in One UI — which is part of Samsung’s Settings app — hides Secure Folder apps.


It’s worth noting that this flaw doesn’t exist in Google’s equivalent of Secure Folder, Android 15’s Private Space. That is because Google created an entirely new user type for Private Space, android.os.usertype.profile.PRIVATE, which the photo picker and Permission Controller apps treat differently. Android recognizes when the private profile is locked and then hides it from the photo picker, Permission Controller, and other system surfaces.
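To see for yourself which profiles on a device carry the managed-profile flag (the attribute that makes Mainline components like the photo picker and Permission Controller treat a profile as a work profile), here is an added example, not code from Android Authority or Samsung, that parses the output of `adb shell pm list users`. The flag bit values follow AOSP’s UserInfo class; the sample output, including the user IDs and names, is constructed rather than captured from a real device.

```python
import re
from dataclasses import dataclass

# Flag bits as defined in AOSP frameworks/base/core/java/android/content/pm/UserInfo.java
FLAG_INITIALIZED = 0x0010
FLAG_MANAGED_PROFILE = 0x0020
FLAG_PROFILE = 0x1000

# Constructed sample of `adb shell pm list users` output (not captured from a real device).
# A Secure Folder and a Shelter-style work profile both carry FLAG_MANAGED_PROFILE (0x20);
# a Private Space profile is a plain FLAG_PROFILE user without that bit.
SAMPLE_PM_LIST_USERS = """Users:
\tUserInfo{0:Owner:c13} running
\tUserInfo{10:Work profile:1030} running
\tUserInfo{11:Private space:1010}
\tUserInfo{150:Secure Folder:1030} running
"""

USER_LINE = re.compile(r"UserInfo\{(\d+):([^:}]*):([0-9a-fA-F]+)\}(?:\s+(running))?")


@dataclass
class Profile:
    user_id: int
    name: str
    flags: int
    running: bool

    @property
    def is_managed_profile(self) -> bool:
        # This single bit is what the photo picker and Permission Controller key on;
        # they do not care whether Samsung, an employer DPC or Shelter created the profile.
        return bool(self.flags & FLAG_MANAGED_PROFILE)


def parse_pm_list_users(text: str) -> list[Profile]:
    """Turn `pm list users` output into Profile records (flags are printed in hex)."""
    profiles = []
    for m in USER_LINE.finditer(text):
        uid, name, flags, running = m.groups()
        profiles.append(Profile(int(uid), name, int(flags, 16), running is not None))
    return profiles


def managed_profiles(text: str) -> list[Profile]:
    """Return every profile the platform classifies as a managed (work-type) profile."""
    return [p for p in parse_pm_list_users(text) if p.is_managed_profile]


if __name__ == "__main__":
    for p in managed_profiles(SAMPLE_PM_LIST_USERS):
        state = "running" if p.running else "stopped"
        print(f"user {p.user_id} '{p.name}' flags=0x{p.flags:04x}: managed profile ({state})")
```

On a real device, pipe `adb shell pm list users` into `parse_pm_list_users`; any managed profile you did not expect (for example one created by a sideloaded profile-management app) is worth investigating.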

In theory, Samsung could thus fix this issue by changing which user type the Secure Folder uses under the hood. However, it probably isn’t that simple, and I’m not even sure it’s possible to migrate the user type without resetting it. We reached out to our contacts at Samsung to see if the company is aware of this flaw and if it has any plans to address it. We will update this article if we hear back.
