Massive Security Flaw in Secure Folder can Expose Your Photos, Videos & Apps

by | Feb 24, 2025 | News, Samsung Apps

Samsung’s Secure Folder is a safe space for Galaxy users to store their private photos, videos, and other sensitive files, or is it? A newly discovered flaw exposes apps and photos stored in the Secure Folder to anyone with physical access to your phone. A work profile lets anyone retrieve files from the Secure Folder without any additional authentication. Samsung is aware of this issue but hasn’t announced any fix yet.

Secure Folder flaw lets anyone see your photos and apps without any restrictions

Secure Folder creates a separate profile with its own storage space and lock system, isolating its contents from the rest of the phone. However, Reddit user lawyerz88 recently discovered that photos and videos saved in the Secure Folder can be accessed through any app if you activate a work profile. This works if you have an active work profile through your employer or enable it manually via third-party apps.

This loophole exists because Secure Folder is built on Android’s Work Profile feature, which was originally designed for corporate environments. Effectively, the system does not treat Secure Folder as a private, encrypted space, but rather as another work profile. The Android system photo picker allows apps within a work profile to access “secured” photos and videos even when the folder is locked.

Android Authority was able to verify this by using the Shelter app to create a work profile on a Galaxy phone. When opening a media picker within a work profile, they could access media from the Secure Folder without any restrictions. This means anyone with physical access to the phone could potentially extract private photos and videos, which raises major concerns about the privacy of personal media.

Apps in this supposed “Secure Folder” are also exposed

Notably, other types of files stored in Secure Folder are safe, as the Android system file picker blocks access. However, another flaw allows anyone to see which apps are installed in Secure Folder. By navigating to Settings > Security and privacy > More privacy settings > Permission Manager, users can view apps that have requested permissions — including those hidden within Secure Folder.

This means that even if Secure Folder is locked or encrypted, apps stored within it are still partially visible in system settings, potentially revealing sensitive app usage.

Samsung is aware of the “work profile” loophole, and there’s a temporary fix too

The “work profile” loophole is a massive security flaw that Samsung needs to address as quickly as possible. Unfortunately, for the company to fix this issue, it would likely need to rework Secure Folder to function as a truly private space rather than a work profile. This could require a significant overhaul, potentially even resetting existing Secure Folder data.

Samsung does appear to be aware of the vulnerability. However, as of this writing, it hasn’t released any official statement regarding a potential fix. Until the company addresses this security loophole, there are a few steps you can take to protect your private files. Within Secure Folder, tap the menu (three vertical dots) and select Encrypt. This prevents access to files until manually decrypted.

Unless necessary, do not enable a work profile or use third-party apps that can create work profiles. Since app permissions can expose Secure Folder apps, you should also avoid keeping highly sensitive apps in the folder. While Secure Folder remains a useful privacy tool, this flaw highlights that it isn’t 100% safe. Until Samsung fixes the flaw, users should take extra precautions to safeguard their private content.
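To check whether a phone already has a work profile, which is the condition the flaw depends on, you can inspect the output of `adb shell pm list users`. The script below is an added example, not part of the original article: it assumes adb is installed and USB debugging is enabled, and its sample output is constructed rather than captured from a device.

```python
import re
import subprocess
import sys

# Flag bit that AOSP's android.content.pm.UserInfo sets on a managed (work) profile.
FLAG_MANAGED_PROFILE = 0x20

# One entry of `pm list users`: UserInfo{<id>:<name>:<hex flags>} [running]
USER_RE = re.compile(r"UserInfo\{(\d+):(.*):([0-9a-fA-F]+)\}\s*(running)?")

# Constructed sample output; ids, names and flags are illustrative only.
SAMPLE = """Users:
\tUserInfo{0:Owner:c13} running
\tUserInfo{10:Work profile:1030} running
\tUserInfo{11:Guest:404}
"""

def parse_users(text):
    """Turn `pm list users` output into a list of dicts, one per user."""
    users = []
    for line in text.splitlines():
        m = USER_RE.search(line)
        if not m:
            continue  # header line or unrelated output
        flags = int(m.group(3), 16)
        users.append({
            "id": int(m.group(1)),
            "name": m.group(2),
            "running": m.group(4) is not None,
            "managed": bool(flags & FLAG_MANAGED_PROFILE),
        })
    return users

def managed_profiles(text):
    """Return only the users flagged as managed (work) profiles."""
    return [u for u in parse_users(text) if u["managed"]]

def live_output():
    """Query a connected device; requires adb and an authorized device."""
    cmd = ["adb", "shell", "pm", "list", "users"]
    return subprocess.run(cmd, capture_output=True, text=True,
                          check=True, timeout=15).stdout

if __name__ == "__main__":
    text = live_output() if "--adb" in sys.argv else SAMPLE
    for u in managed_profiles(text):
        state = "running" if u["running"] else "stopped"
        print(f"managed profile: id={u['id']} name={u['name']!r} ({state})")
```

Because the article notes that Secure Folder is itself built on the work-profile feature, it may appear in this list too; any other managed profile is one to review and remove if it is not needed.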
