Samsung’s most secure feature seems to have a few holes


What you need to know

  • A major flaw in Samsung’s Secure Folder lets anyone with physical access peek at stored apps and photos, particularly through work profiles.
  • Whether set up by a company or through third-party apps, work profiles break Secure Folder’s defenses, putting sensitive data at risk.
  • Apps inside Secure Folder can also be spotted through the system’s Permission Manager, revealing their presence.

Turns out, Samsung’s Secure Folder might not be the digital fortress we all thought it was. A fresh discovery has uncovered a major security gap, especially when it comes to work profiles. This flaw throws a wrench in the idea that your stuff is completely locked down.

A Reddit user has uncovered a flaw that lets anyone with physical access to your phone peek into apps and photos stored in Samsung’s Secure Folder (via Android Authority). The issue is tied to work profiles, which allow files to be pulled from Secure Folder without needing extra authentication.

This security flaw isn’t just limited to work profiles set up by companies: it also affects those created through third-party apps. That means the Secure Folder’s defenses are pretty much busted, except when accessed from personal profiles. This puts sensitive data at risk, especially if someone with admin access—like an employer’s IT team—digs into the work profile.

According to Android Authority, the issue boils down to how Secure Folder is built on Android’s Work Profile feature, which was initially meant for corporate setups. This setup creates a major gap between what Secure Folder is supposed to be—a private, encrypted vault—and how it actually works, which is more like a regular work profile. Because of this, apps in the work profile can use Android’s photo picker to access your “secured” photos and videos, completely dodging the lock you thought was keeping them safe.

By contrast, Secure Folder isn’t the same as Android 15’s Private Space. Google built Private Space to function as a totally independent user profile, creating a stronger barrier between your private data and the rest of your device.

After thorough testing, Mishaal Rahman from Android Authority confirmed the flaw, showing that media files in Secure Folder were exposed. However, other file types stayed protected thanks to Android’s file picker restrictions.

While some files stay protected, there’s another sneaky issue that lets hidden apps in the Secure Folder be exposed. If someone digs into the system’s settings and checks the Permission Manager, they can see a list of apps that have requested permissions—including the ones you thought were safely tucked away in the Secure Folder.

Samsung has apparently acknowledged the security flaws, but the company has not shared any concrete plans for a fix yet.

Jay Bonggolto
News Writer & Reviewer