Security of Samsung Secure Folder


Android Central Question

Hello,

I've a question about security of Samsung Secure Folder in Android 11 - stock software, phone is not rooted.

I always thought that the Secure Folder is a container that is totally isolated from the rest of the system, until I found out that installing an app within secure folder (in this case Kaspersky Internet Security) gives the app the following permissions:

1. Kaspersky app can automatically start with the system. After restarting the phone without entering Secure Folder password, somehow Kaspersky manages to autostart itself even though the Secure Folder wasn't unlocked after starting the system. I can see it as the app is displaying its banners. How is it able to start automatically with the secure folder being locked?

2. The Kaspersky app that should run only within secure folder is able to scan system-wide settings outside of secure folder. The app has a feature called weak settings scan and it's somehow able to detect a lot of system-wide settings - like password visibility, developer options being enabled etc. It's also able to read the main, non-secure folder Google account used for the phone. How does it do this?

The above permissions given to the apparently secure folder-installed app indicate that there's very limited isolation provided by Secure Folder.
Could you please clarify how the app is able to do the above things?
Is secure folder really secure? Would installing a malicious app in SF limit the infection to SF only?

Thanks,
Jonah
 

mib1800


Secure folder is like another environment or user session. Apps that can auto start will start. Just like WhatsApp, email, Google service etc. All of them running in the secure folder. If you need to interact with the app UI, then you need to type the password.
 

mustang7757

Secure Folder is where you can keep photos, video, files, apps, and data you want to keep private. It's an encrypted space, defense-grade Samsung Knox security platform.

That app Kaspersky is a VPN?
 
