What you need to know
- A major flaw in Samsung’s Secure Folder lets anyone with physical access peek at stored apps and photos, especially in work profiles.
- Whether set up by a company or through third-party apps, work profiles break Secure Folder’s defenses, putting sensitive data at risk.
- Apps inside Secure Folder can also be spotted through the system’s Permission Manager, revealing their presence.
Turns out, Samsung’s Secure Folder might not be the digital fortress we all thought it was. A fresh discovery has uncovered a major security gap, especially when it comes to work profiles. This flaw throws a wrench in the idea that your stuff is completely locked down.
A Reddit user has uncovered a flaw that lets anyone with physical access to your phone peek into apps and photos stored in Samsung’s Secure Folder (via Android Authority). The issue is tied to work profiles, which allow files to be pulled from Secure Folder without needing extra authentication.
This security flaw isn’t just limited to work profiles set up by companies: it also affects those created through third-party apps. That means the Secure Folder’s defenses are pretty much busted, except when accessed from personal profiles. This puts sensitive data at risk, especially if someone with admin access—like an employer’s IT team—digs into the work profile.
According to Android Authority, the issue boils down to how Secure Folder is built on Android’s Work Profile feature, which was initially meant for corporate setups. This setup creates a major gap between what Secure Folder is supposed to be—a private, encrypted vault—and how it actually works, which is more like a regular work profile. Because of this, apps in the work profile can use Android’s photo picker to access your “secured” photos and videos, completely dodging the lock you thought was keeping them safe.
On the other hand, Secure Folder isn’t the same as Android 15’s Private Space. Google built Private Space to function as a totally independent user profile, creating a stronger barrier between your private data and the rest of your device.
Watch On
After thorough testing, Mishaal Rahman from Android Authority confirmed the flaw, showing that media files in Secure Folder were exposed. However, other file types stayed protected thanks to Android’s file picker restrictions.
While some files stay protected, there’s another sneaky issue that lets hidden apps in the Secure Folder be exposed. If someone digs into the system’s settings and checks the Permission Manager, they can see a list of apps that have requested permissions—including the ones you thought were safely tucked away in the Secure Folder.
Samsung has apparently acknowledged the security flaws, but the company has not shared any concrete plans for a fix yet.