Security Experts:

Amazon Quietly Removes Device Encryption From Fire Devices

Amazon has decided to kill support for encryption on its Kindle Fire devices and quietly removed it from Fire HD and Fire HDX 8.9 devices with the release of Fire OS 5 in February.

Fire OS 5 is based on the Android 5.0 Lollipop release, which was revealed in October 2014 with multiple security enhancements built in, including full device encryption enabled by default on first boot. 

To further boost the security of devices, Google announced in October 2015 that full-disk encryption was mandatory in devices running Android 6.0 Marshmallow. Thus, the company required that all manufacturers enabled the feature out-of-the-box for new devices that support a secure lockscreen and which have high memory resources.

Amazon’s Fire devices had encryption enabled, and users still running iterations of Fire OS 4 can take full advantage of the security feature. However, those who decided to upgrade to the newer Fire OS 5 platform release could no longer enjoy the same capabilities it seems.

Although it did not make an official announcement on the matter, Amazon did inform users on the change, and even suggested they refrain from upgrading to the newer OS version to continue taking advantage of encryption. Basically users need to choose from two equally bad options: update and leave their data unprotected, or continue running outdated software on their devices.

Users interested in installing the newer operating system version were also prompted to backup all of their data and perform a factory reset on their devices to remove encryption. As soon as the installation process was completed and Fire OS 5 was up and running, user data was no longer encrypted.

Many Kindle Fire users have noticed the change and started expressing their discontent on Amazon’s forum and on social media. According to Rick Dillon, Amazon even had a page on its support website explaining the encryption changes, but the page can no longer be found.

It certainly comes as a surprise that Amazon decided to remove such an important feature from its devices, even if Google provided manufacturers with the possibility to choose whether they would enable encryption or not on Android 5.0 products.

Contacted by SecurityWeek, Amazon said the move to weaken data security on its Fire devices was because customers weren't using certain features.

“In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using," an Amazon spokesperson told SecurityWeek. "All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.”

Amazon’s decision to deprecate encryption on Fire HD and Fire HDX 8.9 devices comes amid avid discussions regarding the security and privacy of smartphones and similar devices after Apple refused to help the FBI unlock the iPhone belonging to the San Bernardino Islamic terrorist.

Large tech companies, including Google, Microsoft, Facebook and Yahoo joined Apple's legal fight over encryption Thursday, warning that a precedent would be created if the company is forced to unlock an encrypted device. FBI chief James Comey, on the other hand, said Tuesday that Americans need to know the safety implications if encryption makes it impossible to access data on smartphones and other devices.

*Updated with comment from Amazon

view counter