• Samsung has patched a Secure Folder flaw that previously allowed anyone with physical access to see your hidden apps and photos.
• The vulnerability existed because Secure Folder was implemented as a “work profile,” which key system components didn’t recognize as a highly secure space.
• One UI 8 reclassifies Secure Folder as a “private” profile, ensuring system apps now correctly hide its sensitive files and app information from view.

---

Samsung’s Secure Folder feature makes it easy to hide sensitive files and apps on your Galaxy device. It creates a separate, sandboxed profile where you can move your private content. This profile is then protected by a passcode, preventing unauthorized users from accessing what’s inside. However, a flaw was discovered earlier this year that allowed anyone with physical access to your device to see which apps and photos you had stored in your Secure Folder. Fortunately, Samsung has patched this vulnerability in its latest One UI 8 release. Here’s how the flaw worked and what Samsung did to fix it.


To understand the flaw, you first need to know about Android’s “profiles.” These are sandboxed spaces with their own app data separate from the main user, but they share the same lifecycle and some system-wide settings. The “work profile” is the most well-known type, but there are some others. For instance, Android 14 introduced “clone” profiles for running multiple instances of an app, while Android 15 added “private” profiles to support Google’s Private Space feature.



More...