We all want to keep our privacy and our secrets hidden and safe. So nearly all top vendors develop and provide us some privacy protection apps such as Secure Folder, PrivateSpace, Safe, App Lock, etc. They claim that saving private files in those apps will be safer. However, we conducted comprehensive research about them and found that it is not true for most of them. Many design or development flaws allow attackers to bypass the protection and access the privacy files inside, which will affect billions of users.
We found many related vulnerabilities and categorized them into three types of attack scenarios: attacking by malicious untrusted apps, system privilege apps, and accessing unlocked phones physically. For example, some vendor build-in safe apps aren't designed and implemented properly, so we can access and decrypt their 'safe' files easily from any malicious apps. Some vendors use TrustZone to protect the files but some design flaws allow system privileged attackers to retrieve the plaintext password and decrypt the files. Finally, if we can access the phone physically with the screen unlocked, we can exploit some unprotected system APIs to bypass the protection of all top vendors' secret-space apps.
Finally, we will present the mitigation and our mobile apps' secure storage test process. We send them to all top vendors. By sharing our research, we want to improve the security of the privacy protection apps and better protect billions of users' privacy.