Samsung's Secure Folder has major flaw allowing images to be viewed under certain conditions

Samsung's Secure Folder is a feature that gives Galaxy users a secure place to store sensitive data including private files, apps, videos, and photos. The folder offers protection via the use of a passcode and encryption. But if you are using the Secure Folder, the personal data that you store inside it might not be as safe as you think or as Samsung would have you believe.
A Reddit subscriber has put up a post that has many Galaxy device owners concerned. According to this Redditor, contents inside the Secure Folder are accessible to others even while the folder is locked. This would really be shocking in light of Samsung's insistence that the Secure Folder is "protected by the defense-grade Samsung Knox security platform, which encrypts all data stored there, making sure that your information is kept safe from any malicious attacks."
The Secure Folder is designed to block access to photos and videos inside the folder, even when unlocked, if an app requests that a photo or video be inserted. However, this protection seems to work only if the app seeking access to the photos and videos is a personal one running from the main profile. If the app requesting access is a work profile app though, something different takes place.

Photos and videos hidden in your Galaxy device's Secure Folder can be accessed by attackers under certain circumstances. | Image credit-Android Authority
If someone has physical control of your Samsung device, installing a work profile app like Shelter will allow that person to view the photos and videos that the device owner has saved in his Secure Folder. That's because Shelter can create a work profile on any device including a Galaxy phone or tablet. This would make photos and videos open to being accessed.
Apparently, in this scenario, only photos and videos are vulnerable and any other type of data remains secure.
There is one bit of possible good news. If you have a work profile set up on your Galaxy device by your employer, and it was set up so that work files cannot be accessed at all, the photos and videos residing in your Secure Folder might remain protected. You can also try to prevent photos and videos from being viewed outside of the Secure Folder by encrypting it. The Secure Folder is not encrypted by default, but if you open the menu belonging to the Secure Folder and select the "encrypt" option, it will prevent the Android photo picker from getting to the Secure Folder's files.

An attacker can learn which apps you have in your Secure Folder by looking at the Permission Manager on your Galaxy device. | Image credit-Android Authority
Another flaw in Secure Folder could show anyone which apps are in your Secure Folder. Going to Settings > Security and privacy > More privacy settings > Permission Manager and tapping on a permission will show someone with malicious intent which apps you have installed in the folder. Usually, tapping on the Location permission will reveal many of these apps.
Hopefully, Samsung will tighten things up with its Secure Folder before it becomes known as the in-Secure Folder. Make sure you have encryption enabled for your Secure Folder. It could keep someone you don't know from grabbing your Galaxy device and viewing photos and videos that you thought were protected.