Add Samsung Knox Secure Folder support #2889

Open
TomasGC wants to merge 4 commits into mihonapp:main from TomasGC:feature/secure_folder_from_samsung_knox_support

TomasGC commented Jan 22, 2026

  • Add custom FolderPickerDialog to replace SAF in Samsung Knox Secure Folder
  • Add automatic Secure Folder detection (DeviceUtil)
  • Add dynamic MANAGE_EXTERNAL_STORAGE permission handling
  • Add FileSystemNavigator for testable file operations
  • Add BackupUtil with defensive validation and logging
  • Add comprehensive unit tests (26 new tests, 72 total)
  • Fix deprecated InsertDriveFile icon warning
  • Refactor storage management with extracted constants
  • Add defensive code with comprehensive logging

Fixes compatibility issues on Samsung devices with Secure Folder. Storage Access Framework (SAF) doesn't work in Secure Folder, so a custom file picker was implemented. All storage operations now detect and handle Secure Folder environment automatically.

Tested on Samsung S23Ultra with Knox Secure Folder enabled.

Extend support from Samsung-only to all secure environments:
- Samsung Knox Secure Folder
- Motorola Secure Folder
- Android Work Profile
- Other manufacturer-specific isolated environments

Changes:
- Remove Samsung-specific guard clause in isInSecureFolder()
- Remove Knox-specific detection methods (redundant)
- Rely on universal detection: isManagedProfile + isIsolatedUserId
- Generalize all UI strings and comments
- Simplify code: -8 lines total

This fixes issue mihonapp#2471 (Motorola Secure Folder blank screen)
and makes the solution work for any device with isolated environments.

Detection now works via:
1. UserManager.isManagedProfile (Android API, all manufacturers)
2. User ID >= 150 (common pattern across manufacturers)

Critical Security & Robustness Fixes:
- Fix path traversal vulnerability in ManualPathInputDialog
  * Validate canonical path to prevent '../' attacks
  * Restrict to allowed directories (storage/emulated, app-specific)
  * Separate SecurityException handling
- Fix null safety in GuidesStep URI to File conversion
  * Validate URI scheme before File construction
  * Add try-catch for IllegalArgumentException
  * Early return on invalid schemes
- Fix thread safety in BackupUtil cleanup operations
  * Add synchronized block with cleanupLock
  * Double-check file existence before deletion
  * Individual SecurityException handling per file
- Fix race conditions in FolderPickerDialog
  * Add isProcessing flag to prevent concurrent operations
  * Protect createFolderAndSelect() against concurrency
  * Add double-click protection with try-finally

Code Cleanup & Optimization:
- Remove unused SECURE_FOLDER_DATA_PATH_PATTERN constant
- Remove 2 associated dead tests
- Reduce logging in AndroidStorageFolderProvider
- Simplify isDirectoryAccessible() method
- Improve documentation for getSecureFolderBasePath()

Code Quality Improvements:
- Remove unused imports from StorageStep.kt
- Extract duplicated help section into reusable StorageHelpSection composable
- Reduce code duplication in onboarding flow
- Add folder_picker_item_count_single/multiple i18n strings
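
The canonical-path validation named in the "Critical Security & Robustness Fixes" commit message, shown as an added example that is not code from this PR or from Mihon. The function name, the allow-list roots (including the placeholder app-specific directory) and the sample inputs are assumptions made for illustration.

```kotlin
import java.io.File
import java.io.IOException

// Hypothetical allow-list. The commit message only says
// "storage/emulated, app-specific"; the second entry is a placeholder.
val ALLOWED_ROOTS = listOf(
    File("/storage/emulated"),
    File("/data/data/com.example.app/files"),
)

/**
 * Returns the canonical form of [userInput] if it resolves inside one of
 * [roots], or null if the input is malformed or escapes every root.
 */
fun resolveAllowedPath(userInput: String, roots: List<File> = ALLOWED_ROOTS): File? {
    if (userInput.isBlank() || '\u0000' in userInput) return null
    val candidate = try {
        // canonicalFile collapses "." and ".." and resolves symlinks,
        // so the check below sees the path the OS would actually open.
        File(userInput).canonicalFile
    } catch (e: IOException) {
        return null
    } catch (e: SecurityException) {
        return null // handled separately from I/O failures, as in the commit message
    }
    val insideRoot = roots.any { root ->
        val canonicalRoot = try {
            root.canonicalFile
        } catch (e: IOException) {
            return@any false
        }
        // Path.startsWith compares whole name components, so
        // "/storage/emulated_evil" does not match "/storage/emulated"
        // the way a plain String.startsWith would.
        candidate.toPath().startsWith(canonicalRoot.toPath())
    }
    return if (insideRoot) candidate else null
}

fun main() {
    // Constructed sample inputs.
    val samples = listOf(
        "/storage/emulated/0/Mihon",                // inside the allow-list
        "/storage/emulated/0/../../../data/system", // "../" escape
        "/storage/emulated_evil/0",                 // sibling with a shared string prefix
        "/storage/emulated/150/Mihon/./backup",     // normalised, still inside
    )
    for (s in samples) println("$s -> ${resolveAllowedPath(s)?.path ?: "REJECTED"}")
}
```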

TomasGC (Author) commented Jan 26, 2026

This PR should fix issue #2471

AntsyLich (Member) commented

Why should the app accommodate for bad implementation of OEMs?

jobobby04 (Contributor) commented

I don't have any issues with Samsung Secure Folder with Tachi/Mihon, and I've used it for years

TomasGC (Author) commented Jan 26, 2026

@jobobby04 Well I did too with my S20 but since I got the S23 ('cause my S20 died) the SAF of the Secure Folder is inaccessible from it with Mihon. It's a bug on Android which has been "recently" added, I can't tell when it has been introduced and it looks like they are not in a rush to fix it.

@AntsyLich sorry for this PR but it's quite annoying to not be able to use Mihon inside the Secure Folder, I don't want to use it outside for obvious possible untrustworthy reason with the extensions. Mihon is safe but the extensions (or some of them) might not, I prefer not to risk it.

BrutuZ (Contributor) commented Jan 26, 2026

For the last reason you could switch to Mihon Beta and use its Private Installer

AntsyLich (Member) commented

> @AntsyLich sorry for this PR but it's quite annoying to not be able to use Mihon inside the Secure Folder, I don't want to use it outside for obvious possible untrustworthy reason with the extensions. Mihon is safe but the extensions (or some of them) might not, I prefer not to risk it.

This doesn't answer my question. Why should Mihon add workarounds for stuff broken by big companies like Samsung?

> For the last reason you could switch to Mihon Beta and use its Private Installer

Extensions aren't sandboxed

TomasGC (Author) commented Jan 26, 2026

@AntsyLich well, I can't fix it for them as it's not open-source, contrary to Mihon.
I did not change the code for the non-Secure Folder users, only the ones using it will be able to see my changes.
I don't know what more to say about that... if you're not ok with it (which I can understand), we can just close the issue as Won't fix and refuse this PR I guess.

TomasGC (Author) commented Feb 1, 2026

Hello @AntsyLich, should I cancel my PR then?

Thank you for your answer and have a nice day. :)

dr-nyt commented Mar 6, 2026

This is an important feature for me, would appreciate a reconsideration 🙏
