Amazon’s decision to remove encryption from its tablets running the latest Fire OS 5 release of its software has many privacy-minded tablet owners are crying foul. They are blasting Amazon for making their tablets less secure and no longer safe to store personal data from email credentials, credit card numbers and sensitive business information.
“Amazon rolled over, exposed all our bellies to be eviscerated by the bad actors if lost or stolen,” wrote an Amazon Fire tablet owner on an Amazon message board. Fire tablet owners shared similar sentiments on other social media channels on Friday.
On Thursday, Amazon confirmed that it made the decision to remove encryption support from its devices that run Fire OS 5. In a statement to the press Amazon wrote: “In the fall, when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using. All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.”
The move contrasts Apple’s tough stance on encryption for its iPhone. It’s also a move confounding Amazon customers in light of the fact Amazon is supporting Apple in its current legal fight against the FBI over unlocking an iPhone.
Amazon joined Google, Facebook and Microsoft in a “friend of the court” statement supporting Apple: “By standing with Apple, we’re standing up for customers who depend on us to keep their most private information safe and secure.”
Amazon’s decision to remove encryption, security experts agree, is not tied to Apple’s matter with the FBI.
“Amazon appears to be making the assumption its users just don’t care about securing its tablets to the same degree Apple and others have. The assumption may be, because the primary purpose of the tablet is media consumption, the security bar can be lower,” said Ed McAndrew, a partner in the data security practice at Ballard Spahr.
Privacy activists argue that “weakening” security is not an appropriate trade-off just because some features aren’t used.
“Removing device encryption due to lack of customer use is an incredibly poor excuse for weakening the security of those customers that did use the feature,” said Jeremy Gillula, staff technologist with the Electronic Frontier Foundation, in a statement to Threatpost. “Given that the information stored on a tablet can be just as sensitive as that stored on a phone or on a computer, Amazon should instead be pushing to make device encryption the default—not removing it.”
Amazon introduced its Fire OS 5 last fall and added several usability features including a significant update to the user interface. But with the introduction of the Fire OS 5, Amazon removed device encryption support. Earlier versions of the Fire OS still support encryption.
McAndrew and others believe Amazon’s choice to remove encryption may have less to do with a conscious effort to make its tablets less secure and more to do with improving device performance.
“Amazon is going to have to be very careful about how it positions this decision,” said Roger Kay, principal analyst at Endpoint Technologies Associates. “It doesn’t have anything to do with Apple, but unfortunately – because of the timing – it looks like it does. And since the customers are paying the bills, that’s not a good message.”