According to Amazon, Removing Kindle Fire,Fire OS 5’s onboard encryption is not a new development, and it’s not related to the iPhone fight
Amazon said that the Fire OS 5 update removed local device encryption support for the Kindle Fire, Fire Phone, Amazon Fire HD, or Amazon Fire TV Stick was because the feature simply wasn’t being used.
Privacy advocates and some users criticized the move, which came to light on Thursday even as Apple Inc was waging an unprecedented legal battle over U.S. government demands that the iPhone maker help unlock an encrypted phone used by San Bernardino shooter Rizwan Farook.
On-device encryption scrambles data so that the device can only be accessed if the user enters the correct password. Cryptologist Bruce Schneier said Amazon’s move to remove the feature was “stupid” and called on the company to restore it.
Amazon’s move is a bad one. But it’s not a retreat in the face of Apple-FBI pressures
One of the features removed includes one that allowed owners to encrypt their device with a pin which, if entered incorrectly 30 times in a row, deletes all the data stored on it. The feature is similar to the safety feature found on the iPhone at the center of the San Berardino shooter trial, which erases all the device data if the passcode is entered incorrectly ten times.
Amazon joined other major technology companies in filing an amicus brief supporting Apple on Thursday, asking a federal judge to overturn a court order requiring Apple to create software tools to unlock Farook’s phone.
Amazon spokeswoman Robin Handaly said in an email that the company had removed the encryption feature for Kindle Fire tablets in the fall when it launched Fire OS 5, a new version of its tablet operating system.
“It was a feature few customers were actually using,” she said, adding that Kindle Fire tablets’ communication with the company’s cloud meets its “high standards for privacy and security including appropriate use of encryption.”
Encryption expert Dan Guido said that Amazon may have eliminated the feature to cut component costs for tablets that sell for as low as $50.
But digital privacy advocates and customers said those arguments were not good enough reasons for discontinuing the feature.
“Removing device encryption due to lack of customer use is an incredibly poor excuse for weakening the security of those customers that did use the feature,” said Jeremy Gillula, staff technologist with the Electronic Frontier Foundation.
“Given that the information stored on a tablet can be just as sensitive as that stored on a phone or on a computer, Amazon should instead be pushing to make device encryption the default – not removing it,” Gillula said.
David Scovetta, a security analyst who owns two Kindle e-readers as well as Amazon’s TV set-top box, said he is now wary of buying new gadgets from the company.
“Amazon could just as easily be encouraging its users to adopt it rather than remove it as a feature. That’s a massive step backwards,” he said.
Fire OS 5 is the first release to use the Android 5.0 “Lollipop” codebase, and as such it is possible that this removal is down to a technical issue (such as battery life or performance). Last year Google reported that it would allow hardware makers to decide whether or not to enable encryption-by-default because of performance issues on older devices.
People are talking about the lack of encryption today because the OS update is only now hitting older devices, like the fourth-generation Fire HD and Fire HDX 8.9. Despite how neatly the sudden forfeiture of encryption by a tech giant fits the Apple-FBI narrative, this encryption deprecation isn’t related to that battle. Instead, Amazon appears to have given up onboard encryption without any public fight at all.