(Update: coming back) Amazon’s latest version of Fire OS disables encryption

by: Rob TriggsMarch 5, 2016
448

Amazon Fire Security Settings

Update, March 5: Amazon announced in a statement that it will bring back encryption to its Fire line with a future update coming this spring. Encryption is on everyone’s mind these days and it looks like Amazon is keen to position itself on the right side of the debate.

Original post, March 4: Amazon has been updating a number of its older devices to version 5 of its Fire OS this month, but Amazon forum members have discovered that the update doesn’t just add in new features, it also completely strips the devices of encryption support.

Customers who update their Kindle Fire, Fire Phone, Amazon Fire HD, or Amazon Fire TV to Fire OS 5 will no longer be able to encrypt their data and will presumably lose any currently encrypted files, leaving them potentially vulnerable to prying eyes. While clearly not everyone will make use of this option, completely removing a security feature and forcibly downgrading a user’s security is rather unheard of.

It’s not exactly clear why Amazon would want to remove this option from its devices, but the company has mentioned that it was tidying up some unused features with Fire OS 5. We also know that only a single figure percentage of Android devices are actually encrypted, so perhaps the company has a point.

“When we released Fire OS 5, we removed some enterprise features that we found customers weren’t using,” – Amazon Spokesperson

However, the discovery hasn’t gone down well with everyone and comes as Apple, Google, and other technology companies are hotly debating the topic of encryption and law enforcement within the US legal system. We should point out though that the update was decided upon all the way back in fall of 2015, well before the OTA update began rolling out to devices this month, and Amazon has backed Apple on the issue of device encryption and user security.

Amazon customers who currently own devices running Fire OS 4 and want to keep encryption will have to stick on their current OS, but that means that they will miss out on future security updates. The alternative is a custom ROM, but that’s not a convenient solution for the majority of consumers who bought Amazon’s products specifically for their simplicity.

  • Diego

    Good thing I didn’t buy a fire tablet.

    • Just_Wondering

      It is really only good for accessing their content, but you can get a regular Android, and just download the Music and Reader apps anyway. You can’t use the Google Play store with it either.

    • Daggett Beaver

      Yeah, you don’t want anyone decrypting your Hello Kitty videos on your device.

  • Izzie

    As if the data encryption on Android based devices would prevent law enforcement agencies accessing your data. It’s relatively weak and software is readily available to authorised partiee to access the contents.

    • fuuma_monou

      Citation?

    • Just_Wondering

      I just did some Googling, and at least for the latest versions, your assertion does not appear to be correct. I would be glad to hear anything you have that can prove what you said, as that would be very interesting.

      • Naga Tudor

        i have an encrypted nexus 6 with the latest android version, but come on, it’s android, i’m sure a hacker can bypass the encryption because it’s not as secure as iphones…

        • nilbud

          Rubbish.

        • Intergalactic_wolf

          Again, citation?

          • moew

            Who is receiving a citation (ticket)?

          • Naga Tudor

            stfu with your citation already look at most of the android articles that say exploits have been found that hack your phone without effort. Sure the nexus phones are secured(maybe), but thats like 1-2% of all android phones? rly stfu already android is not as safe as iphone

          • Intergalactic_wolf

            Lmao

        • Just_Wondering

          No one can break encryption. even if you are using every computer in the world, they are not strong enough to brute force break all but the oldest encryption keys. The keys today are just too big.

          The only thing that can be done is like on the iPhone, which only has 10,000 possibilities (easily done, even by a human), is to do what Apple did, and scramble it after a small number of incorrect guesses. I could not find any issues with the modern setup of the Android’s encryption on Google. There were some flaws with it in the past, but again, not with the encryption itself, which is safe, but possibly bypassing it. That flaw was fixed.

          So like they guy blow said, “citation”? Don’t just come here a spew stuff that you have no idea about unless you can prove it.

          • tiger

            And who is on Android 6.0?

          • Naga Tudor

            so, u’re saying that an android encrypted phone is safer than an iphone?

          • Just_Wondering

            All I am saying is that the encryption portion of the process is not breakable. Whether they do something else stupid like store the private key on the phone, or something else that may be a security risk, that is where the issue lies. Frankly, I am not the end all be all expert on encryption, so I could not say one way or the other whether Android or I-devices are more secure, and don’t think I tried to play favorites above either.

            I would have to think that the iPhone has pretty well made sure that any flaws in how they get to the encryption phase are pretty good, or the FBI would not be in court since I am sure they have a few experts on the payroll.

      • Izzie

        I actually posted links about breaking various encryption on Android devices, but it seems to have been deleted.

  • abqnm

    This isn’t surprising. It wasn’t enabled by default, and enabling it made the new cheap Fire tablets run like absolute garbage. I’m sure Amazon used their telemetry metrics to determine that hardly anyone was actually using it anyway, and just removed it so they don’t have to deal with the performance headaches it creates.

    Besides, Amazon Fire products are meant as media consumption devices, not productivity or business devices, and you store most of your data in Amazon’s cloud services anyway. Local encryption isn’t really a huge deal on these devices. Sure they will upset maybe 100 people who actually enabled encryption, but for the masses this makes no actual difference.

    • Daggett Beaver

      “Besides, Amazon Fire products are meant as media consumption devices”

      That was my first thought, exactly. What would I have on a Fire device that I would want encrypted?