
Mishaal Rahman / Android Authority
TL;DR
- Samsung has patched a Secure Folder flaw that previously allowed anyone with physical access to see your hidden apps and photos.
- The vulnerability existed because Secure Folder was implemented as a “work profile,” which key system components didn’t recognize as a highly secure space.
- One UI 8 reclassifies Secure Folder as a “private” profile, ensuring system apps now correctly hide its sensitive files and app information from view.
Samsung’s Secure Folder feature makes it easy to hide sensitive files and apps on your Galaxy device. It creates a separate, sandboxed profile where you can move your private content. This profile is then protected by a passcode, preventing unauthorized users from accessing what’s inside. However, a flaw was discovered earlier this year that allowed anyone with physical access to your device to see which apps and photos you had stored in your Secure Folder. Fortunately, Samsung has patched this vulnerability in its latest One UI 8 release. Here’s how the flaw worked and what Samsung did to fix it.
To understand the flaw, you first need to know about Android’s “profiles.” These are sandboxed spaces with their own app data separate from the main user, but they share the same lifecycle and some system-wide settings. The “work profile” is the most well-known type, but there are some others. For instance, Android 14 introduced “clone” profiles for running multiple instances of an app, while Android 15 added “private” profiles to support Google’s Private Space feature.
When Samsung launched Secure Folder back in 2017, the only option was to implement it as a “work profile.” While this worked for the most part, it created a fundamental problem: some system components would incorrectly identify Secure Folder as a standard work profile. This was problematic because these components wouldn’t treat it as the highly secure space it was meant to be, which could lead to them inadvertently revealing the sensitive information stored inside.
You might wonder how it’s possible for system components to leak Secure Folder data when Samsung controls the One UI operating system. The answer is that certain core components, like the Photo Picker and Permission Controller, are actually managed by Google. Google designed these components to recognize and hide content inside Android 15’s new “private” profiles (used for the Private Space feature). However, they weren’t designed to afford the same protection to “work” profiles. This is why the Photo Picker and Permission Controller could be used to see photos and reveal which apps were installed in the Secure Folder.
Fortunately, One UI 8 fixes this by reclassifying Secure Folder as a “private” profile. This change ensures that Google’s Photo Picker and Permission Controller now recognize it as a protected space and properly hide its files and app information. It’s important to note, however, that this protection is only active when you fully hide the Secure Folder, not just close it. Hiding the folder does more than just remove its icon from your app drawer; it also encrypts the data inside, which stops its apps from running and prevents them from sending notifications.
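An added example, not from the original article or from Samsung or Google: a small parser that reads `dumpsys user`-style text and reports whether each profile is typed as work (`MANAGED`) or private (`PRIVATE`), the distinction the fix above turns on. The sample dumps, the user id, and the assumption that Secure Folder reports these type strings before and after One UI 8 are constructed for illustration.

```python
import re

# Profile type strings defined by Android's UserManager.
MANAGED = "android.os.usertype.profile.MANAGED"  # work profile
PRIVATE = "android.os.usertype.profile.PRIVATE"  # Android 15 private profile

# Constructed sample modelled on `adb shell dumpsys user` output; the ids,
# names and flag values are made up and the layout is an assumption.
SAMPLE_BEFORE = """\
Users:
  UserInfo{0:Owner:c13} serialNo=0 isPrimary=true parentId=-10000
    Type: android.os.usertype.full.SYSTEM
  UserInfo{10:Secure Folder:1030} serialNo=10 isPrimary=false parentId=0
    Type: android.os.usertype.profile.MANAGED
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace(MANAGED, PRIVATE)

USER_RE = re.compile(r"UserInfo\{(\d+):([^:}]*):[0-9a-fA-F]+\}")
TYPE_RE = re.compile(r"^\s*Type:\s*(\S+)")


def parse_users(dump):
    """Return [(user_id, name, user_type)] from dumpsys-style text."""
    users, current = [], None
    for line in dump.splitlines():
        header = USER_RE.search(line)
        if header:
            current = [int(header.group(1)), header.group(2), None]
            users.append(current)
            continue
        type_line = TYPE_RE.match(line)
        # Only the first "Type:" line after a UserInfo header belongs to it.
        if type_line and current is not None and current[2] is None:
            current[2] = type_line.group(1)
    return [tuple(u) for u in users]


def audit(dump):
    """Label each user 'private', 'work' or 'other' by its profile type.

    Per the article, Photo Picker and Permission Controller hide content of
    'private' profiles but do not give 'work' profiles the same protection.
    """
    labels = {PRIVATE: "private", MANAGED: "work"}
    return {name: labels.get(utype, "other") for _, name, utype in parse_users(dump)}


if __name__ == "__main__":
    print("before:", audit(SAMPLE_BEFORE))
    print("after: ", audit(SAMPLE_AFTER))
```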
One lingering issue, however, is that the updated Secure Folder still doesn’t integrate with third-party launchers like Niagara Launcher. I was hopeful this would change, especially since Google enabled Private Space support for third-party launchers in Android 15, but it seems Samsung hasn’t fully implemented the necessary APIs. Hopefully, this is something that will be addressed in a future One UI release.