The function Protected folder of Google Photos made its debut in 2021 and was then extended to a wider range of smartphones during the same year. Previously known as Locked Folder, this is a tool that acts as a sort of safe container for user photos and images (as well as videos). The contents stored in the Protected folderin fact, are not presented in the Photo gallery of Google Photos and you must pass an authentication procedure to access it.
Initially created for Android devices, Protected folder it also landed in 2023 in the iOS and Web versions of Google Photos. Differently from what happened in the past, the latest versions of Protected folder allow you to make use of Google Photos backup. This means that even the contents of the Protected folder can be safely loaded onto server Googleand possibly restored when necessary, as happens for the other images hosted in the photo gallery.
Furthermore, the contents of the Protected folder does not shy away from the activities of synchronization: this means that the images stored in this special “container” remain accessible from other devices under the direct control of the user. That is, those in which the same Google account is configured.
What is Secure Folder and how does it work
The instrument Protected folderaccessible from the main menu of the Android, iOS and Web versions of Google Photo, offers a safe haven that users can leverage to store sensitive files and videos. These files remain locked and inaccessible to anyone who does not have the necessary information credentials.
Managing protected files is very simple: just access the entry Protected folder in the main menu of Google Photos (button Collection, Utilities) then follow the instructions. First of all, it is possible activate the backupso that there is no risk of losing the material saved in the Protected folder. Second, the intuitive interface allows you to organize images and videos with maximum ease.
Imagine using Protected folder to keep a copy, in digital and photographic format, of important documents: the possibility of “categorizing” the contents facilitates their subsequent identification.
A folder protected by the authentication system used on the device
The use of Protected folder cannot ignore the configuration of a PIN or the use of authentication via biometric data. If your smartphone is not already configured to do so, open the Google Photos app then choose Protected folder, you will be encouraged to adequately protect your device. Every time you try to access the contents of the Protected folderyou must confirm your PIN or pass biometric authentication (e.g. with fingerprint or facial recognition).
The approach is substantially identical on both Android and iOS but is aimed at providing the same level of security also on the Web side. Try accessing the Google Photos home page from a Web browser and then clicking on Protected folder in the left column. The web application will ask to pass authentication using the same tools with which theaccount Google in use. For example, if the user had enabled the use of passkeys, Google’s preferred mechanism for login, access to the content of the Protected folder it will only be possible after the “green light” from the authentication system.
The passkey they are designed to offer greater security and resistance to phishing: unlike traditional passwords, passkeys are uniquely generated for each account directly on the user’s device, making them less vulnerable to cyber attacks.
Choose photos and videos to protect
After configuring the folder for the first use, regardless of the platform used, it is possible to define photos and videos to insert into it. By clicking on Move items at the top right, in the Google Photos interface in the web version, or on the icon Select photos and videos at the bottom right, it is possible to directly access the contents of the photo gallery to indicate the elements to be protected.
The web version of Google Photos also offers the option Select from your computer at the top right: using it, you can choose any image or video from your PC to upload them directly to the folder that keeps users’ “confidential contents” safe.
Interestingly, Google controls, server-side, the file format loaded into the Protected folder. If they don’t match the supported list, show an error message. And it’s not enough to simply rename a file, for example documento.pdf in documento.pdf.jpg alternating its extension: control is in fact exercised on the header of the file.
At this point, more knowledgeable users might think of a solution to overcome the limitation, for example using the steganography, a methodology that allows you to hide any type of file in another (for example, a document inside an image). But this is beyond the scope of the article.
The main advantages and disadvantages of the function Protected folder
By resorting to a tool like the one that Google has integrated into the various versions of its Photos app, it is possible to maintain private images and videos safe and secure, even when synced across other devices.
At the same time, other unauthorized users are prevented from accessing the protected folder, thus taking advantage of the standard cryptographic practices used by the Mountain View company. The so-called two-step verification obviously allows you to rely on an additional level of security.
There is no mention of end-to-end encryption
What’s the downside? Google certifies that the content of the Protected folder And “Safeguarded by Google Photos’ standard encryption practices“, as we also mentioned previously. What does it mean? As Google clarifies in another document, the use of “encryption maintains the private data and protected while they are in transit. When you store your photos, the data you create travels between your device, Google services, and our data centers. We protect this data with various levels of security that include cutting-edge encryption technologies, such as HTTPS and email encryption. data at rest (at rest)“.
Google does not mention the use of crittografia end-to-end: the data is encrypted, both on the user’s device and on the company’s servers, but the procedure to date does not imply the use of keys generated on the individual devices and therefore known only by the user himself (not, for example, by the service manager).
Also consider the case of a user who had acquired i directly root on your Android smartphone: the photos and videos contained in the Protected folder they would be accessible by going to the folder /data/data/com.google.android.apps.photos/files/mars_files, a memory location which remains unavailable for users without the highest privileges. A root account, however, inherently has access to the entire file system and the data encrypted on the Android terminal have already undergone a decoding process.
It can be a problem, however, for those Android devices (perhaps no longer supported by their respective manufacturers) that suffer from vulnerability possibly used by attackers and malicious apps to acquire root rights without having any title.
Opening image credit: iStock.com – ipuwadol