Hello everyone!
At the moment, I’m comparing mobile security solutions on the smartphone market among top brands, and recently I took a closer look at Samsung — specifically at Knox. Knox is currently used in Samsung’s smartphones and was originally designed for the corporate/enterprise market. The technology itself offers many capabilities, and at the user interface level there is the Knox (Secure Folder) feature.
Secure Folder is backed by a hardware security chip, meaning that all encryption keys are stored inside the Knox hardware. While researching this topic, I came up with a few questions:
At the moment, there are screenshots of a Cellebrite table stating that the Samsung Galaxy S24 Ultra has full support in both BFU and AFU, and it is also stated (in general terms, without listing specific devices) that Knox Secure Folder allows full data extraction. However, there are important nuances here:
under which specific conditions is full data extraction from Secure Folder actually possible?
Secure Folder itself can be in both AFU and BFU states, and it also has additional states depending on its configuration. For example, there is a setting that allows automatic decryption of Secure Folder data on device boot — meaning that even in BFU the data may already be decrypted (this setting can be disabled).
Secure Folder can be unlocked via fingerprint (similar to how the phone is normally unlocked in AFU), or it can require the main password only, displaying a message like “Enter password for security reasons.”
This creates a clear analogy to BFU and AFU states, but applied separately to Secure Folder itself.
Additionally, Secure Folder can be hidden via the user interface. When hidden, encryption is automatically applied, and all apps inside the folder are frozen and stop functioning until the main password is entered (fingerprint unlock is not allowed while the folder is hidden).
The Secure Folder icon disappears from the UI entirely, and it can only be restored (for example, from the quick settings panel) after entering the password.
As we can see, Secure Folder has many nuances, modes, and operational scenarios — so why doesn’t Cellebrite seem to take these into account?
Considering the capabilities of Samsung Secure Folder and the direction in which Samsung continues to develop it, one could reasonably gain confidence in the security of this product (yes, it’s not open source, but still).
For example, consider a use case where all sensitive applications are stored inside Secure Folder (Telegram, Signal, Session, browser, Tor client, etc.), while less sensitive apps remain in the regular / work profiles. This creates a fairly practical and realistic security model for using Samsung devices.
Moreover, Samsung actively responds to user feedback. For instance, One UI 8 Beta is currently being actively tested, and in Beta 2 an extended Auto Restart feature was added — now you can even set an exact time down to the second for when the device should reboot, thus forcing a transition into BFU.
Additionally, One UI 8 introduced improved folder hiding combined with enforced encryption when the folder is hidden.
Yes, GrapheneOS is obviously stronger in terms of exploit mitigation, hardened hardware implementations, and similar aspects. However, the main drawback is that it is a single, non-alternative Android-based OS, and it is limited to Google Pixel devices only. Pixels have not always been known for great battery life, cameras, SoC behavior (heating and throttling under basic workloads), build quality (e.g., the widespread Pixel 8 defects), and so on.
Because of this, there is a valid reason to consider Samsung devices as an additional option with a solid balance across multiple aspects. And of course, we are all waiting for a phone directly from the GrapheneOS team themselves.
Happy New Year to everyone! 🎉