08-23-2018 12:41 PM
tools
  1. coeos's Avatar
    coeos
    I've used Secure Folder and thought the concept is great, until I understood how easily anyone could get around it. If I lose my phone, the person can just click on "reset password", then "Forgot your password" under the Samsung account login. He'll receive an email, directly on the stolen phone because I have my email accounts set up on it (like all of us do), so he can reset the Samsung Account, and then reset the Secure folder password. Even the 2-step authentication on the Samsung account is useless as it sends an SMS... to the stolen phone. So in sum, if you have access to my phone, then you have access to my Secure Folder.
    Am I missing something, or is there a way to shut this loophole?
    08-15-2017 08:26 AM
  2. Ecm's Avatar
    Ecm
    The very first step is to set up a secure password (plus, optionally fingerprint, iris scanner, facial recognition) for access to the device. This prevents anyone accessing your email or SMS on the device. They have no way of resetting the password. Even a device reset wouldn't help -- your Google account credentials are required after a reset.
    08-15-2017 09:15 AM
  3. GRUNT11B's Avatar
    GRUNT11B
    If someone steals your phone how would they unlock it in the first place? And not only that you can lock it or wipe it using your Samsung or Google account anyway.
    08-15-2017 09:25 AM
  4. coeos's Avatar
    coeos
    Thanks for your answers, but my point is that Secure Folder doesn't add any extra security, because it's just as safe as your standard phone unlocking security. So if your phone is safely locked, then you don't need Secure Folder, and if it isn't, then Secure Folder won't help either.
    Potentially you could have your phone stolen while it's still unlocked and it that case Secure Folder won't add any meaningful security - any amateur can do the reset.
    08-15-2017 09:46 AM
  5. strikeIII's Avatar
    strikeIII
    Secure Folder adds Samsung Knox for added encryption. Even with your phone locked someone can still potentially get your data but the added encryption from the Secure Folder makes it even harder to get.
    08-15-2017 10:09 AM
  7. chanchan05's Avatar
    chanchan05
    Q&A Team
    Uh, someone could theoretically pull the flash memory off the motherboard and access it independently of the phone, at which point your phone lock is useless. However the thief would not be able to access the encrypted data.
    coeos likes this.
    08-15-2017 10:17 AM
  8. Jason Fournier1's Avatar
    Jason Fournier1
    Secure folder has other use cases. Like when someone borrows your phone to watch something, your sensitive information is locked away.
    shadowsjc likes this.
    08-15-2017 12:13 PM
  9. anon(10509789)'s Avatar
    anon(10509789)
    I totally agree with coeos, and all the message after his are completely missing the point.
    08-22-2018 07:45 AM
  10. Mmira's Avatar
    Mmira
    I totally agree with coeos, and all the message after his are completely missing the point.
    There is no point of adding a layer of security (for whatever reason it could be the need) if then there is a (practical and easy) workaround.
    For everyone that fails to see an issue here, the secure folder app itself has no reason to exist, since its own purpose is completely missed.

    I found a very non elegant solution, that seems more like a bug than a solution.. but so far it seems to work:
    -uninstall the existing secure folder app (in "more settings")
    -log off from your Samsung account
    -create a new temporary samsung account, with a secondary mail (not logged on in your phone)
    -log in, and re-install secure folder
    -once the secure folder is set up, go back to accounts and switch to your old one.

    Now for some reason the reset password tool of secure folder will keep asking you for the temporary account's credentials, as if it is not recognising the Samsung account currently logged on your smartphone.

    As long as the access to the secondary mailbox is protected by a password also with the device unlocked, you should be fine. Unless they will change the app behaviour with an update.

    Of course be aware if the recovery email or the recovery phone number for your secondary mailbox are the address or the phone number you are currently using on your device. In that case security is going to have a hole too.
    And also, if using a temporary email for the temporary samsung account, don't delete the mail account, or it will be available for use, and to enter in your secure folder it will be needed just to create a Samsung account using that same email address.
    08-22-2018 07:58 AM
  11. mark7914's Avatar
    mark7914
    One of the first things I did with mine was to turn off the display of content of notifications on the front screen.

    So it shows, for example, an SMS icon when I get one, but it doesn't help a thief out by rendering the content of the SMS providing the reset or unlock code in a "preview" without them even having to get into the phone.
    08-23-2018 12:41 PM
« How do I remove full screen on Galaxy S8? | Can I have HDR back instead of full screen view on the S8? »

Similar Threads

  1. Why is my Google Play Store showing download pending?
    By AC Question in forum Ask a Question
    Replies: 2
    Last Post: 04-16-2018, 07:34 AM
  2. Samsung S8 Notification Bar Issue
    By AC Question in forum Samsung Galaxy S8 & S8+
    Replies: 20
    Last Post: 08-22-2017, 08:35 AM
  3. My moto x play's battery is draining fast and phone is heating up at the same time.
    By AC Question in forum Ask a Question
    Replies: 2
    Last Post: 08-15-2017, 01:33 PM
  4. Few questions about Samsung s8 plus
    By monali123 in forum Samsung Galaxy S8 & S8+
    Replies: 0
    Last Post: 08-15-2017, 05:49 AM
  5. Samsung S8 Notification Bar Issue
    By AC Question in forum Ask a Question
    Replies: 0
    Last Post: 08-15-2017, 04:44 AM
LINK TO POST COPIED TO CLIPBOARD