A recent discovery has raised concerns about the security of Samsung’s Secure Folder feature, which was designed to provide users with a private space for sensitive files, images, and applications. Initially thought to be a reliable safeguard, it appears that a flaw allows unauthorized access to certain content stored within this feature.
Exfiltrating photos and videos from the Secure Folder
A Reddit user, known as lawyerz88, uncovered a method to gain access to photos and videos saved in the Secure Folder. Normally, when an app requests a photo or video via the Android photo picker, items stored in the Secure Folder are not offered, even while the Secure Folder is unlocked. That restriction does not hold, however, when the photo picker is invoked from an app running in a "work" profile: Secure Folder media then shows up in the picker. Because a work profile does not require an employer's device management, anyone with access to an unlocked Samsung device who can install an app such as Shelter can create a work profile themselves and use it to reach the Secure Folder's photos and videos, bypassing the protection the feature is meant to provide.
This flaw does not expose every file in the Secure Folder; the risk is specific to photos and videos. Users can close the gap by enabling encryption for the Secure Folder, an option found in the menu within the Secure Folder itself. Once the Secure Folder is encrypted, its media no longer appears in the photo picker, even from a work profile.
Determining what apps are installed in the Secure Folder
In addition to the vulnerability regarding media files, another issue lets anyone with the device in hand see which apps are installed in the Secure Folder. Navigating to Settings > Security and privacy > More privacy settings > Permission Manager and opening a permission group such as Location lists the Secure Folder's apps alongside the main profile's apps that hold that permission. This happens even when the Secure Folder is encrypted, so the encryption setting that stops the photo picker leak does nothing for this one, which points to a broader gap in how the system's privacy controls treat the Secure Folder.
Why are apps and photos in Samsung’s Secure Folder visible outside of it?
The root of both issues lies in how Samsung has structured the Secure Folder. It runs as a profile of the same user type as a managed work profile, the type Android intends for corporate use. Because the Android photo picker and the Permission Controller only know that they are looking at a managed profile, they apply work-profile rules to it: the picker lets work apps browse the profile's media, and the permission manager lists the profile's apps under each permission group. Neither component has any notion that this particular profile is supposed to stay hidden. Google's own equivalent, the Private Space introduced in Android 15, uses a distinct user type, so those system components know to keep a locked Private Space's content out of view.
To address these issues, Samsung would need to consider altering the underlying user type of the Secure Folder. However, such a change may not be straightforward and could potentially require a reset of the Secure Folder. Efforts to engage with Samsung regarding this flaw are ongoing, and updates will be provided as more information becomes available.
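As an added check that is not part of the article or of Samsung's or Google's code: the user-type distinction described above is visible to anyone with adb, since `dumpsys user` on Android 11 and later prints a `Type:` line for every user and profile. The script below parses that output and flags any profile whose type is `android.os.usertype.profile.MANAGED` (the type the photo picker and PermissionController treat as a work profile) versus `android.os.usertype.profile.PRIVATE` (Private Space). The embedded `dumpsys` text is a constructed sample; the user ids, names and serial numbers in it are assumptions, and the exact `dumpsys user` layout is assumed from AOSP rather than taken from a Samsung device.

```shell
#!/bin/sh
# Added example (not from the article): list Android users/profiles by user
# type so you can see which profiles the photo picker and PermissionController
# will treat as a managed (work) profile. Requires only sh + awk.

# CONSTRUCTED sample of `adb shell dumpsys user` output (Android 11+ layout,
# assumed from AOSP). Ids, names and serial numbers are made up.
SAMPLE_DUMPSYS='  UserInfo{0:Owner:c13} serialNo=0 isPrimary=true
    Type: android.os.usertype.full.SYSTEM
    Flags: 3091 (ADMIN|FULL|INITIALIZED|PRIMARY|SYSTEM)
  UserInfo{10:Work profile:1030} serialNo=10 isPrimary=false
    Type: android.os.usertype.profile.MANAGED
    Flags: 4144 (INITIALIZED|MANAGED_PROFILE|PROFILE)
  UserInfo{150:Secure Folder:1030} serialNo=11 isPrimary=false
    Type: android.os.usertype.profile.MANAGED
    Flags: 4144 (INITIALIZED|MANAGED_PROFILE|PROFILE)
  UserInfo{11:Private space:1030} serialNo=12 isPrimary=false
    Type: android.os.usertype.profile.PRIVATE
    Flags: 4112 (INITIALIZED|PROFILE)'

# classify_profiles: read dumpsys-user text on stdin, print one line per user:
#   <id> | <name> | <type> | <verdict>
# A MANAGED profile is reported as work-type because that is exactly what the
# photo picker and PermissionController see; a PRIVATE profile is reported as
# private-type; everything else (system user, secondary users) is "other".
classify_profiles() {
    awk '
        /UserInfo\{/ {
            # "  UserInfo{150:Secure Folder:1030} serialNo=11 ..." -> id, name
            s = $0; sub(/^[^{]*\{/, "", s); sub(/\}.*$/, "", s)
            split(s, f, ":")
            id = f[1]; name = f[2]
            next
        }
        /^[[:space:]]*Type:/ {
            type = $2
            verdict = "other"
            if (type == "android.os.usertype.profile.MANAGED")
                verdict = "WORK-TYPE: picker/PermissionController treat it as a work profile"
            else if (type == "android.os.usertype.profile.PRIVATE")
                verdict = "PRIVATE-TYPE: dedicated type, hidden while locked"
            printf "%s | %s | %s | %s\n", id, name, type, verdict
        }'
}

# count_work_type: number of profiles the system will treat as work profiles.
count_work_type() {
    classify_profiles | grep -c 'WORK-TYPE'
}

# Entry point: use a connected device if adb is available, else the sample.
main() {
    if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
        adb shell dumpsys user | classify_profiles
    else
        echo "# no adb device found, using constructed sample output"
        printf '%s\n' "$SAMPLE_DUMPSYS" | classify_profiles
    fi
}

main "$@"
```

On a device with a Secure Folder, a line reporting a MANAGED-type profile that is not your employer's work profile is the concrete evidence behind the article's explanation; a Private Space on a Pixel shows up with the PRIVATE type instead.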