Samsung’s Secure Folder has long served as a refuge for Galaxy users to store sensitive files, apps, and the occasional amusing meme, providing a shield against unwanted scrutiny. However, earlier this year, a hidden vulnerability raised concerns about this sanctuary’s security. Although the data remained encrypted, certain system components allowed anyone with physical access to glimpse the apps and photos tucked away inside this secure space. Fortunately, Samsung’s recent One UI 8 update addresses this issue, but it has also left some important questions unanswered.
To understand the problem’s roots, we need to delve into Android’s profile mechanics. For years, Samsung’s Secure Folder utilized Android’s “work profile” system, initially designed for enterprise contexts. This method keeps app data isolated while sharing some key system components, including Google’s Photo Picker and Permission Controller. The problem arose when these components, which can effectively hide content in new “private” profiles, failed to extend the same courtesy to traditional work profiles.
This oversight meant that, even when the Secure Folder was locked, knowledgeable users could use the Photo Picker to see media or discover which apps were installed—hardly the level of privacy expected from such a feature. In response, Samsung reclassified the Secure Folder as a “private” profile in One UI 8. This adjustment aligns the Secure Folder with Android 15’s more secure Private Space framework, ensuring that system-level tools treat it appropriately. Now, app info and files are securely hidden, reassuring users about their privacy.
However, there is a caveat: these enhanced protections only activate when the Secure Folder is hidden, not merely closed. Hiding it removes the launcher icon and disables notifications, encrypting data and ceasing app activity altogether, while simply locking it doesn’t suffice. Another challenge arises with third-party launchers. Although Android 15 introduced the necessary APIs for Private Space integration, Samsung has not yet expanded support to custom launchers like Niagara or Nova.
This gap means users of such launchers may encounter unexpected behavior, or even find the Secure Folder remains visible. While One UI 8 successfully addresses a major privacy flaw, Samsung’s incomplete implementation of corresponding APIs indicates areas for improvement. Users keen on privacy should remain aware of these limitations, and it’s hoped future updates will fully align the Secure Folder with Android’s private space objectives, along with providing comprehensive support for third-party launchers.
Leave a Reply