Samsung users who trusted their Secure Folder to protect sensitive photos, videos, and apps might want to reconsider where they stash their secrets. Turns out, it’s not as impenetrable as advertised.
The problem starts with how Samsung built Secure Folder. Instead of creating a fully isolated space, the company used Android’s work profile system, a tool meant for separating job-related apps from personal ones. This shortcut allowed apps in any work profile, including those set up by employers or third-party tools like Shelter, to peek into Secure Folder’s contents. Even worse, IT departments with remote access to work profiles could potentially see everything stored in Secure Folder.
It’s like hiding your diary under a mattress but forgetting your roommate has a key. The flaw was first flagged by a user who noticed apps in their work profile could browse Secure Folder files freely. Tests by Android expert Mishaal Rahman confirmed the risk, particularly for photos and videos. While other files are blocked by default, media stored in Secure Folder showed up in both personal and work profiles through Android’s file picker.
Another hiccup? Apps hidden in Secure Folder still appear in Android’s permission manager. Anyone checking that menu could see exactly which apps someone thought they’d buried. For those using Secure Folder to discreetly store dating apps, banking tools, or sensitive documents, this oversight is a privacy nightmare.
Samsung has reportedly acknowledged the issue but hasn’t shared details on when — or how — it’ll be fixed. Rahman speculates a proper solution might require rebuilding Secure Folder from the ground up, which isn’t something a quick software patch can handle. Until then, users are stuck with a vault that’s easier to crack than expected.
The takeaway? Until Samsung overhauls its approach, that locked folder might be better suited for grocery lists than secrets.