Retailer claims nobody used the encryption feature
Amazon has removed the ability to encrypt data on its Fire tablets, Kindle eBooks and other streaming devices with the latest update to its Fire OS.
The move could leave users of its devices without the means to secure confidential documents, financial information and other private information.
The removal was discovered by security researcher David Scovetta, who tweeted a screen grab of the Fire HD tablet update, which read: “Your device has encrypted data. However, device encryption is no longer supported in Fire OS 5. Follow the steps outlined below to save your data.”
Users on Amazon’s Kindle support forums have been up in arms over the removal.
Fire OS 5 removes the security feature at a time when other companies are taking a harder stance on encryption. Apple is fighting the FBI over the law enforcement agency’s attempts to force it to create a backdoor into the iPhone.
Amazon’s Fire OS is based on a fork of Android that supports full-disk encryption by default. Fire OS 5 is the first release to use the Android 5.0 Lollipop code.
The update leaves users with two choice: update and lose encryption or stay on an operating system that could potentially harbour vulnerabilities. Neither are desirable from a security perspective.
In a press statement, Amazon said that when Fire OS 5 was released it “removed some enterprise features that we found customers weren’t using”.
“All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption,” it added.
In other words, Amazon encrypts data on the go but not when it is stored locally.
The decision to remove encryption is at odds with Amazon’s support for Apple in its fight against the FBI. Amazon chief technology officer Werner Vogels also voiced support for Apple at the Mobile World Congress recently.
According to the Arc tech blog, he said that the moment backdoors are in encryption, “you can no longer trust the technology that you have that you are the only one has access to your data.”
“So we are very strong believers that encryption should be in the hands of our customers and they should be the ones who decide who has access to the data and nobody else,” he said.