Mishaal Rahman / Android Authority
TL;DR
- Samsung has patched a Secure Folder flaw that previously allowed anyone with physical access to see your hidden apps and photos.
- The vulnerability existed because Secure Folder was implemented as a “work profile,” which key system components didn’t recognize as a highly secure space.
- One UI 8 reclassifies Secure Folder as a “private” profile, ensuring system apps now correctly hide its sensitive files and app information from view.
Samsung’s Secure Folder feature makes it easy to hide sensitive files and apps on your Galaxy device. It creates a separate, sandboxed profile where you can move your private content. This profile is then protected by a passcode, preventing unauthorized users from accessing what’s inside. However, a flaw was discovered earlier this year that allowed anyone with physical access to your device to see which apps and photos you had stored in your Secure Folder. Fortunately, Samsung has patched this vulnerability in its latest One UI 8 release. Here’s how the flaw worked and what Samsung did to fix it.
To understand the flaw, you first need to know about Android’s “profiles.” These are sandboxed spaces with their own app data separate from the main user, but they share the same lifecycle and some system-wide settings. The “work profile” is the most well-known type, but there are some others. For instance, Android 14 introduced “clone” profiles for running multiple instances of an app, while Android 15 added “private” profiles to support Google’s Private Space feature.
When Samsung introduced Secure Folder back in 2017, the only option was to implement it as a “work profile.” While this worked for the most part, it created a fundamental issue: some system components would incorrectly identify Secure Folder as a standard work profile. This was problematic because these components wouldn’t treat it as the highly secure space it was intended to be, which could lead to them inadvertently revealing the sensitive information stored inside.
You might wonder how it’s possible for system components to leak Secure Folder data when Samsung controls the One UI operating system. The answer is that certain core components, like the Photo Picker and Permission Controller, are actually controlled by Google. Google designed these components to recognize and hide content within Android 15’s new “private” profiles (used for the Private Space feature). However, they weren’t designed to afford the same protection to “work” profiles. This is why the Photo Picker and Permission Controller could be used to see photos and reveal which apps were installed in the Secure Folder.
Fortunately, One UI 8 fixes this by reclassifying Secure Folder as a “private” profile. This change ensures that Google’s Photo Picker and Permission Controller now recognize it as a protected space and properly hide its files and app information. It’s important to note, however, that this protection is only active when you fully hide the Secure Folder, not just close it. Hiding the folder does more than just remove its icon from your app drawer; it also encrypts the data inside, which stops its apps from running and prevents them from sending notifications.
One lingering issue, however, is that the updated Secure Folder still doesn’t integrate with third-party launchers like Niagara Launcher. I was hopeful this would change, especially since Google enabled Private Space support for third-party launchers in Android 15, but it seems Samsung hasn’t fully implemented the necessary APIs. Hopefully, this is something that can be addressed in a future One UI release.