Samsung’s One UI 7 update rollout has come to a screeching halt just a week after its release. While the company has yet to offer a clear explanation, the scale of the rollback suggests something serious went wrong. So far, discussions have focused on bugs affecting battery life, app compatibility, and phone unlocking issues. But there may be another, much more serious reason behind Samsung’s decision to pause the One UI 7 update: a security flaw in Secure Folder.
Secure Folder has a serious privacy flaw in One UI 7
The folks over at SamMobile recently discovered a troubling issue in One UI 7 involving Samsung’s Secure Folder, the encrypted space meant to keep sensitive files, apps, and media private. It turns out, the Gallery app inside Secure Folder can unintentionally expose its contents outside the protected environment. And no, it doesn’t require hacking or trickery.
This privacy loophole involves automatically generated stories based on your photos. Samsung’s Gallery app has a feature that creates stories or slideshows using your photos on its own so you can share them with friends. When a new story is generated, it triggers a system notification so you can check it out. It’s a handy feature to have on your phone.
However, in One UI 7, this feature led to a serious privacy breach. The Gallery app inside Secure Folder creates a story using your private photos and then sends a system notification that is visible outside of Secure Folder. Worse yet, when you tap that notification while using the device in the standard (non-secure) profile, you’re able to view the entire contents of the story without needing to sign into Secure Folder. Effectively, the system bypasses the privacy barrier it is supposed to enforce.
The publication tested this across the Galaxy S24, Galaxy Z Flip 6, and Fold 6 running One UI 7. The issue exists on all devices. That means the problem lies in One UI 7.
Is this why Samsung pulled the update?
Samsung hasn’t confirmed that this Secure Folder bug is the reason for pulling One UI 7, but it’s hard to ignore the timing. Security oversights — especially ones that involve user privacy — are usually treated with urgency. The Korean firm has already pulled the update globally for all Galaxy devices and even deleted rollout roadmaps from its regional websites. However, it remains silent on when the update will resume.
Meanwhile, if you’re already running One UI 7 and use Secure Folder, you can disable auto stories to stay safe from this privacy loophole. Open Gallery inside Secure Folder, tap the Menu button (three lines), go to Settings, and then turn off “Auto create stories.” This setting is enabled by default, so unless you’ve changed it manually, your private content may be at risk.
We expect Samsung to address this flaw soon and promptly resume the One UI 7 rollout. But with no official communication, we can only wait and watch. We’ll continue tracking this issue and update you as soon as more information becomes available.
