Update: According to Samsung, Secure Folder is working as intended.
To avoid notifications from Secure Folder Gallery, the company recommends adjusting your Secure Folder notification settings and enabling “Hide content” and “Hide content when Secure Folder is locked.” The company also recommends setting a more strict Auto lock Secure Folder option, such as “When screen turns off.”
We should note that we had these settings turned on when we encountered the issue, so in our particular case, they didn't help much.
However, Samsung says you can get extra security from Secure Folder by encrypting it every time you exit the app and by using the “Lock and exit option,” even if you have the aforementioned Auto lock Secure Folder option set to exit Secure Folder when your phone's screen is off.
Original story follows
Samsung has pulled the One UI 7 update off the air for reasons unknown. The company has yet to provide an explanation, but evidently, something must be wrong with the update if the company had to resort to such drastic measures. So far, we haven't found much wrong with One UI 7, except for what appears to be a pretty big security oversight concerning Secure Folder.
Here's what happened to us over the weekend. We found that the Gallery app inside Secure Folder in One UI 7 can make its contents visible and accessible outside of Secure Folder through auto-generated stories.
If you are running One UI 7 on your Galaxy S24, Galaxy Z Flip 6, or Galaxy Z Fold 6 (and maybe even the Galaxy S25), you may encounter this security issue yourself sooner or later.
First, the Gallery app inside Secure Folder generates a story. Then, you will receive a notification about the story outside of Secure Folder. This is a privacy concern in itself, but even worse, tapping this notification will reveal all its contents, even if, again, you are using the phone outside the Secure Folder.
This unwanted behavior makes Secure Folder Gallery content visible outside the secure enclave. You don't have to trick Secure Folder in any way for this to happen. It just does.
How to avoid this problem for now
The easiest way to avoid this issue is to open the Gallery app inside Secure Folder, tap the Menu button, access Settings, and turn off Auto create stories. This feature appears to be turned on by default, so you may want to double-check and ensure it is disabled manually.
We can't confirm if this is why Samsung pulled One UI 7 from the servers, but it might be one of them. Either way, it doesn't seem like Secure Folder is very secure in One UI 7, and the company will have to address this no matter why it halted the One UI 7 update.
We're also unsure whether this security bug affects only the Galaxy devices that have received the One UI 7 update OTA or every other One UI 7 device, including the Galaxy S25. We'll let you know if we find out more.
