Does iPhone Have a Secure Folder? The Full Answer for iOS Users

TL;DR

iOS has no built-in Secure Folder. The Hidden Album in Photos hides images from the main library but leaves them unencrypted on disk. Guided Access and Screen Time lock the phone into one app but do not create a separate encrypted space. For a true Secure Folder equivalent on iPhone, you need a third-party vault app like AppVault that encrypts files individually with AES-256-GCM, binds the encryption key to the Secure Enclave, and stores nothing on a server.

Samsung Secure Folder runs on the Knox security platform. It creates an encrypted partition on the device where you can install apps, store files, and take photos without them appearing in the main gallery. The folder is locked behind a separate PIN, pattern, or biometric. If someone unlocks your phone, they still cannot open Secure Folder.

iOS has no equivalent.

Apple provides a set of partial tools — the Hidden Album, Guided Access, Screen Time — but none of them create an encrypted, isolated container. Each tool solves one small piece of the problem and leaves the rest exposed.

This article walks through every native option, explains exactly what each one does and does not protect, and then shows how a third-party vault app like AppVault fills the gap with encryption that matches or exceeds Samsung Secure Folder.

What Apple gives you natively

Apple does not call any of these features a secure folder. That is intentional. None of them are secure in the cryptographic sense.

The Hidden Album in Photos

The Hidden Album is the most commonly mistaken feature. Users move photos into it expecting privacy. What actually happens: the photos disappear from the Moments, Years, and Collections views. They remain in the same unencrypted database file on disk. Any app with file-system access, any forensic tool, or anyone who knows the setting exists can view them.

The Hidden Album is a view filter, not a security boundary. Apple even places the Hidden Album toggle in Settings > Photos, where anyone holding your unlocked phone can disable it and see every hidden image.

Guided Access

Guided Access locks the iPhone into a single app. You set a passcode, hand the phone to someone, and they cannot leave the app or access anything else. It is useful for a child using a learning app or a customer signing a document on your device.

Guided Access does not create a secure folder. It restricts navigation. The app you are locked into still has full access to your data. If that app is Photos, the other person can scroll through your entire library.

Screen Time restrictions

Screen Time lets you block specific apps behind a separate PIN. You can hide the App Store, prevent app deletion, or restrict adult content.

Screen Time is a parental control tool. It is not a secure folder. The apps you restrict remain visible on the Home Screen. A determined person can guess the four-digit Screen Time passcode. Apple provides no encryption, no sandboxing, and no plausible deniability.

The Files app

The Files app stores documents in the clear. It does not support password-protected folders. You can create folders, rename them, and organize them, but anyone with access to your unlocked iPhone can open every file.

Files does support encrypted disk images if you create a DMG on a Mac and transfer it. That workflow is impractical for most users. It requires a Mac, command-line tools, and manual management of the encrypted volume.

What Samsung Secure Folder does that iOS cannot

Samsung Secure Folder is not just a hidden directory. It is a Knox-based container that:

• Encrypts all files with AES-256
• Isolates apps inside the container so they cannot access data outside it
• Supports a separate Samsung account for backup
• Offers a “hide Secure Folder” option that removes the icon from the app drawer

iOS does not allow third-party apps to create isolated containers at the operating-system level. Apple’s sandbox model prevents one app from reading another app’s data, but it does not give any app the ability to carve out a hidden partition. Every third-party vault app on the App Store works within the sandbox of its own container.

That means no iPhone vault app can match Samsung Secure Folder feature-for-feature at the OS level. What they can do — and what AppVault does — is build a software-based encrypted vault inside the app’s sandbox that uses cryptography to simulate the same protection.

The vault app architecture

A secure folder app on iPhone works like this:

1. The app creates an encrypted database inside its own sandboxed container.
2. When you import a photo or file, the app reads the original, encrypts it with a symmetric cipher, and writes the ciphertext to the database.
3. The app deletes the original from the Photos library or Files app (with your permission).
4. To view a file, the app reads the ciphertext, decrypts it in memory, and displays it. The decrypted data never touches disk.
5. The encryption key is derived from something you know — a pattern, a PIN, or a passphrase — and optionally wrapped by a hardware key from the Secure Enclave.

This architecture is the closest thing to a Secure Folder on iPhone. It is not a Knox container, but it provides the same three properties: confidentiality, access control, and plausible deniability.

AppVault’s implementation

AppVault implements this architecture with specific cryptographic choices that matter for security.

Cipher and key derivation

Every file in AppVault is encrypted with AES-256 in Galois/Counter Mode (GCM). GCM is an authenticated encryption mode — it provides both confidentiality and integrity. An attacker cannot modify the ciphertext without detection. Each file receives a unique 96-bit nonce, which prevents two files encrypted with the same key from leaking information about each other.

The key is derived from your unlock pattern using PBKDF2-SHA256 at 600,000 iterations. That iteration count matches the OWASP 2026 recommendation for password-based key derivation. A 128-bit salt is generated per installation and combined with the pattern to produce the derived key.

Secure Enclave binding

The derived key does not live in plaintext in the app’s memory. AppVault sends the derived key to the iPhone Secure Enclave, which wraps it with a key that never leaves the chip. The wrapped key is stored in the app’s sandbox. To decrypt a file, the app sends the wrapped key back to the Secure Enclave, which unwraps it, performs the decryption inside the chip, and returns the plaintext.

This means an attacker who extracts the app’s sandbox data cannot decrypt files without access to your specific iPhone’s Secure Enclave. The hardware binding prevents offline brute-force attacks.

No network calls

AppVault makes zero network calls by default. There is no server to hack, no cloud sync to intercept, no telemetry to leak. The app functions entirely on-device.

Encrypted iCloud Backup is opt-in. When enabled, files are sealed with a separate per-device backup key before upload. Apple receives only ciphertext. The backup key is derived from the same Secure Enclave-bound material, so even Apple cannot decrypt the backup.

Catalog encryption

The list of files inside the vault — file names, dates, sizes — is also encrypted. An attacker with raw access to the device cannot tell how many files are stored or what they are called. This prevents the “folder count” attack where an observer sees that a vault has 47 items and infers that the vault is worth targeting.

Features that match the Secure Folder experience

Samsung Secure Folder users expect certain behaviors. AppVault replicates them within iOS constraints.

Calculator Launcher

The Calculator Launcher is a fully functional iOS calculator. It performs arithmetic, stores no history, and looks identical to the system calculator. To enter the vault, you long-press the equals key. The app then switches to the encrypted vault view.

This is not a “fake calculator” designed to deceive a spouse. It is an alternate app icon, approved under Apple guideline 4.3, that provides a discreet entry point. The intended use case is shoulder-surfing in public — someone watching your screen sees a calculator, not a vault.

Decoy Vault

The Decoy Vault is a second, mathematically independent vault catalog. You set a different unlock pattern for it. When someone unlocks with the decoy pattern, they see a separate set of files that you have curated. The real vault remains sealed behind the primary pattern.

This is useful when one physical device serves more than one person. A family iPad, for example, can have a decoy vault with kid-appropriate content and a real vault with financial documents.

No recovery

Like Samsung Secure Folder, AppVault does not offer password reset. Forget the pattern and the vault stays sealed forever. An optional written recovery passphrase is generated during setup. Store it physically, not in a digital file.

What AppVault does not defend against

Honesty about limits builds trust. AppVault does not defend against:

• Malware on a jailbroken device. If the operating system is compromised, the Secure Enclave binding can be bypassed. AppVault assumes a stock, up-to-date iOS installation.
• Physical extraction by a state actor. A sufficiently funded attacker with a jailbreak exploit and a chip-off forensics lab can defeat any software-based vault. AppVault’s encryption makes this expensive, but not impossible.
• Compulsory disclosure. If you are compelled by law to unlock the vault, AppVault provides no technical mechanism to resist. The Decoy Vault offers plausible deniability, but it is not a legal protection.

Who should use a secure folder app

The people who need a secure folder on iPhone are the same people who use Samsung Secure Folder:

• Journalists storing confidential sources and unpublished material
• Lawyers holding privileged client communications
• Medical professionals with patient data that falls under HIPAA
• Travelers crossing borders where customs officers inspect devices
• Shared device users — family iPads, work-issued iPhones, loaner phones
• Anyone selling or trading in an iPhone who wants to ensure personal files are not recoverable after a factory reset

How AppVault compares to other vault apps

The App Store contains dozens of vault apps. Most of them use AES-256 encryption, but the implementation details vary widely.

• Keepsafe is the category leader by install count. It uses AES-256 but stores files on cloud servers by default. The full feature-by-feature breakdown is on AppVault vs Keepsafe.
• Vaultaire is the closest competitor to AppVault in terms of zero-knowledge design. It also uses Secure Enclave binding and avoids cloud storage. The comparison is on AppVault vs Vaultaire.
• Most ad-supported vault apps run third-party SDKs that send usage telemetry off-device. AppVault includes no third-party SDKs and collects no data.

The key differentiator for AppVault is the combination of AES-256-GCM with Secure Enclave wrapping, zero network calls, catalog encryption, and the calculator launcher — all in a single app with no subscription.

The bottom line

iPhone does not have a Secure Folder. Apple has not built one, and the native tools that exist — Hidden Album, Guided Access, Screen Time — do not provide encryption or access control.

A third-party vault app is the only way to get an encrypted, password-protected container on iOS. AppVault implements this with the same cryptographic primitives that Samsung Secure Folder uses, adds hardware key binding via the Secure Enclave, and provides features like the Calculator Launcher and Decoy Vault that replicate the Secure Folder experience within iOS constraints.

If you are coming from Android and asking “does iPhone have a Secure Folder?”, the honest answer is no. The practical answer is that AppVault gets as close as iOS allows.

Sources

• Apple Support: Hide and show photos on iPhone
• Apple Support: Use Screen Time on iPhone
• Apple Platform Security guide: Data protection overview
• Apple Developer: App Privacy details on the App Store
• NIST FIPS 197: Advanced Encryption Standard