Samsung Fixed a Flaw That Let Anyone See Inside the “Secure” Folder

Summary

  • Certain Samsung Galaxy devices had a security flaw allowing access to Secure Folder contents.
  • Google-designed components in Android lacked proper protection for old “work” profiles.
  • With One UI 8, Samsung reclassified Secure Folder as a “private” profile for better security.

You would rightfully assume the apps and photos in the “Secure Folder”—emphasis on Secure—on your Galaxy phone were safe. Well, a sneaky little flaw allowed anyone with physical access to your device to peek at your hidden treasures. Samsung is finally addressing this with the One UI 8 update.

When Samsung first launched Secure Folder back in 2017, Android wasn’t really built for such a feature. So, it had to use the existing “work profile” framework. While this basically worked, it created a pretty big problem. Some core system components would misidentify Secure Folder as a regular work profile. These components weren’t designed to treat a work profile with the extreme privacy and security that Secure Folder was supposed to offer. That meant it was pretty easy to access the contents of the Secure Folder from certain apps.

The key lies in core Android components, like the Photo Picker and Permission Controller. These are controlled by Google, not Samsung. And Google designed them to recognize and conceal content for Android 15’s new “Private Space” feature. However, they weren’t built to extend the same level of protection to those old “work” profiles. This meant they could easily be exploited to show off your supposedly hidden photos and even list the apps you had installed in your Secure Folder.

Fortunately, with One UI 8, Samsung has made an important change. It’s reclassified Secure Folder as a “private” profile. This seemingly minor change makes all the difference as it ensures that Google’s Photo Picker and Permission Controller now properly identify Secure Folder as a protected space, keeping your files and app information truly private.

However, this only works when you fully hide the Secure Folder, not just close it. Hiding the folder actually does more than just remove the icon from your app drawer. It also encrypts everything within, stopping the apps from running and preventing any notifications from giving them away. To do so, go to Settings > Biometrics and Security > Secure Folder. Toggle “Show icon on Apps screen” off.

This fix was included on the new Galaxy Z Fold 7, Galaxy Z Flip 7, and Galaxy Z Flip 7 FE last week. It’s expected to roll out to the Galaxy S25 series and other older models in the coming weeks.

Source: Android Authority
