Security of Samsung Secure folder

[4Jonah]

Hello,

I've a question about security of Samsung Secure Folder in Android 11 - stock software, phone is not rooted.

I always thought that the Secure Folder is a container that is totally isolated from the rest of the system, until I found out that installing an app within secure folder (in this case Kasperky Internet Security) gives the app the following permissions:

1. Kaspersky app can automatically start with the system. After restarting the phone without entering Secure Folder password, somehow Kaspersky manages to autostart itself even though the Secure Folder wasn't unlocked after starting the system. I can see it as the app is displaying its banners. How is it able to start automatically with the secure folder being locked?

2. The Kaspersky app that should run only within secure folder is able to scan system-wide settings outside of secure folder. The app has a feature called weak settings scan and it's somehow able to detect a lot of system-wide settings - like password visibility, developer options being enabled etc.It's also able to read the main, non-secure folder Google account used for the phone. How does it do this?

The above permissions given to the apparently secure folder-installed app indicates that there's a very limited isolation provided by Secure Folder.
Could you please clarify how the app is able to do the above things?
Is secure folder really secure? Would installing a malicious app in SF limit the infection to SF only?

Thanks,
Jonah

 

[puppykickr]

Ditch the 'security' apps.
You have discovered that they have undesireable permissions.

These leave your device more vulnerable with than without them.

And they do nothing but slow down your device.

There is nothing to be gained by their use.

If you want a 'secure folder', the way you describe it, the closest thing would be to set up a work profile.

All necessary apps will be duplicated, with their own sets of data- separate anfmd unconnected.

You can then make copies of your user apps that you want in the work profile.

Your work profile and your normal profile will be separate from each other on the same device.

 

[puppykickr]

https://f-droid.org/en/packages/com.oasisfeng.island.fdroid/

 

[ocnbrze]

why are you even dealing with kaspersky anyways. there is no need for antivirus software on android devices. i have no such thing on my devices and see no need for it. first off there really is no viruses for android....malware, yes.....viruses, no.

second it is an app. the secure folder is just that...a folder that can hold files securely.....apps need to be installed which is then installed outside the folder.

 

[Davdi]

I'm with @ocnbrze You really don't need 'security' apps on Android. Windows definitely, but Android NO. I don't have any 'Anti virus' or 'security' apps on my phone or tablet, nor on my PC or laptops. But then they're running Linux - there's no Microsoft anything here.

 

[The_Chief]

So you're not concerned with malware? We use Malwarebytes to make sure nothing sneaks into my system through a malicious website or email image.

I'm equally interested with OP on how Knox Security can allow anything in the Secure Folder to operate outside of it. Any permissions granted the app should only apply within the confines of the Secure Folder.

 

[mikedt]

Hello,

I've a question about security of Samsung Secure Folder in Android 11 - stock software, phone is not rooted.

I always thought that the Secure Folder is a container that is totally isolated from the rest of the system, until I found out that installing an app within secure folder (in this case Kasperky Internet Security) gives the app the following permissions:

Now my Galaxy Note20 Ultra that came with Android 11 doesn't have that feature, which means I can't tell you anything about it. And the only options I can see for encryption are for the SD-card external storage, which I've not done. Also I don't use Kapersky or any other third-party "anti-virus"

 

[Davdi]

@The_Chief - I've never had any problems with malware, but then I don't open emails from unknown sources on my phone, that's for desktop/Laptop, I don't visit dodgy websites or download apps from sources apart from the usual safe places (Play Store if I must, F-Droid, APKPure) and occasionally uptodown. Oh and BT/WiFi are disables when I don't need them. Neither did I have any 'security' apps on my other (Pen-testing therefore rooted) phone. Good luck trying to compromise that.