Samsung fixes the Secure Folder flaw that let anyone see what apps you’re hiding

Samsung has successfully addressed a significant vulnerability in its Secure Folder feature, which previously allowed individuals with physical access to a device to view hidden apps and photos. This flaw stemmed from the implementation of Secure Folder as a “work profile,” a classification that certain key system components did not recognize as a highly secure environment.

Understanding the Vulnerability

The Secure Folder feature is designed to create a separate, sandboxed profile on Galaxy devices, allowing users to store sensitive files and applications securely. This profile is protected by a passcode, ensuring that unauthorized users cannot access its contents. However, the earlier classification as a work profile led to issues where some system components, such as the Photo Picker and Permission Controller, failed to treat it with the necessary level of security. As a result, these components could inadvertently expose information stored within the Secure Folder.

To clarify, Android utilizes various profiles, including work profiles and private profiles, to manage app data and settings. While Samsung initially opted to implement Secure Folder as a work profile in 2017, this decision created a fundamental flaw. Core components controlled by Google were not designed to provide the same protection for work profiles as they did for private profiles, leading to potential data exposure.

With the release of One UI 8, Samsung has reclassified Secure Folder as a “private” profile. This adjustment ensures that Google’s components now recognize it as a secure space, effectively preventing unauthorized access to its files and applications. It is essential to note that this enhanced protection is only effective when the Secure Folder is fully hidden, not merely closed. Hiding the folder encrypts the data within and halts app activity and notifications.

Despite these improvements, a notable limitation remains: the updated Secure Folder does not yet integrate with third-party launchers, such as Niagara Launcher. Although Google has enabled support for Private Space in Android 15 for third-party launchers, Samsung has yet to implement the necessary APIs for full compatibility. This gap leaves room for potential enhancements in future One UI updates.

As Samsung continues to refine its security features, users can expect ongoing improvements that prioritize their privacy and data protection. The recent patch for Secure Folder is a testament to the company’s commitment to safeguarding user information in an increasingly digital world.

AppWizard