As Samsung Galaxy users finally get to upgrade to One UI 7, bringing Android 15’s raft of updates to their phones, there’s suddenly a new reason for attention to turn to One UI 8 and Android 16. Google is expected to release this in July, and notwithstanding the long delays to One UI 7, the hope is that Samsung users are not left too far behind.
In addition to Android’s new Advanced Protection Mode and Intrusion Detection, the next OS release could also fix Samsung’s Android mistake that has left its “most secure feature [with] a few holes” which could be “leaking your private info.”
We’re talking Galaxy’s Secure Folder. “We know how important it is for you to be able to keep your photos, videos, files, apps and data that you consider private in a safe place,” Samsung says. “That is why one of the most useful tools on your Galaxy device is the Secure Folder, where you can store everything you want with maximum security.”
Unfortunately, as I reported some weeks ago, the way in which this is set up means it can share some of this “maximum security” data far and wide. “The feature creates a new profile with its own storage space and screen lock, keeping your sensitive apps and files private,” Android Authority explains. :Or so we thought until a flaw was discovered in Samsung’s Secure Folder that lets anyone see which apps and photos you have.”
This was spotted by a Redditor, who warned that “I expected secure folder to act like Private Space. It does not. I’m aware Private Space is new in Android 15 and that this secure folder function is older and builds off the ‘Work’ Profile feature. However, if you have the work profile enabled through something like Island or Shelter (or you know, your actual workplace), any apps in the work profile can access the entirety of photos and videos saved in secure folder without any restrictions whatsoever.”
That Private Space feature in Android 15 doesn’t have the same problem — but that’s not available to Samsung users given the use of Secure Folder instead. But that could be fixed in One UI 8. According to a post on X following a review of One UI 8 beta code, “Secure Folder now uses new Android Private Space api instead of work profile!”
Per Android Authority, this “should fix instances of hidden apps sending you notifications and leaking your stored media,” albeit “One UI 7’s delayed rollout has left a bad taste in our mouths, so we aren’t holding our breath for a quick One UI 8 rollout.”
Meanwhile, as I advised when this was first disclosed, “change your phone setup and encrypt your secure folder… The folder isn’t decrypted by default, and is opened by your device’s unlock, this enables other apps to access the folder. Encrypting it will add that additional layer. If you store private data in your Secure Folder and have any form of Work Profile on your device, you should go ahead and do that now.”
Samsung has acknowledged the problem but there’s no official word on a fix. As Android Police explains, the problem “is all because Samsung decided to make Secure Folder different from Android 15’s Private Space, which Google designed as a completely separate user profile.” This opened the leaky loophole.
But that obvious fix might now be on its way and, per Android Police again, “Samsung’s Secure Folder might get better at living up to its name with One UI 8.”
Read the full article here
