Replacing Fire OS's encryption isn't enough: Amazon should turn it on by default
Amazon says few users turned on full-device encryption, but that's the wrong approach to helping users protect their data.
Fire OS 5, the latest version of the operating system that drives Amazon’s more sophisticated tablets, removed a full-device encryption option available in the previous release. Amazon says it was because few users enabled it, but that’s the wrong way to approach encryption. A few days after a kerfuffle arose, the company says it will restore the option in a month or two. It should do even more.
The story just blew up last week after a security researcher pointed out a release note he’d read. While Fire OS 5 shipped last fall and Amazon users had been discussing it on forums for months, it was only with the release of this OS update to older Fire devices that the issue blew up. The timing turned it viral, since it came just as Amazon filed a friend-of-the-court brief along with other tech companies in favor of Apple’s position in resisting the FBI’s All Writs Act request for a custom version of iOS.
Amazon ostensibly didn’t disable encryption because of fear of the U.S. or other governments. Rather, based on what the company has said and the timetable, it’s because this was a seldom-used feature that requires technical effort to keep working. Why not toss something few are using? Well, because it aided users’ privacy.
Fortunately, the company is also listening to customers. Late Friday night, the firm sent out a statement to journalists: “We will return the option for full disk encryption with a Fire OS update coming this spring.”
I’d argue that Amazon should go a step further, and enable encryption by default on all Fire devices that are capable of handling the extra computational load, unless the user specifically opts out.
Full-disk encryption (FDE) refers to protecting the entire mountable file system of a disk drive, whether a hard drive or SSD in a computer, or flash memory in a smartphone or tablet. When a computer is shut down or a mobile device is locked, the drive or device has zero value to an attacker without the appropriate encryption key. (Running computers can be susceptible to key extraction, as the key is stored in RAM.)
On mobile operating systems, FDE is more appropriately called “full-device encryption,” because nearly all interaction with the device is limited until a password, PIN, or other method unlocks an encryption key, which allows the OS to decrypt and use the file system. (Apple has a bypass to perform OS and other upgrades without the passcode, but that’s one of the things the company is reportedly working on removing from future versions, in light of the FBI case.)
The advantage of FDE is that it dramatically reduces the possibility that someone who obtains your device will be able to extract anything useful from it. Amazon admittedly has a far smaller useful profile of attack on its Fire OS devices. While they’re designed to be fully capable tablets, the reality is that they’re sold and used mostly as media consumption devices, relying on cloud-stored media that’s streamed or downloaded for local playback.
Fire OS owners can download software from Amazon’s App Store or sideload other apps designed to run in Fire OS or Android. A likely small percentage of owners certainly use apps that store private information locally, even if it’s also synced to a cloud service.
Fire OS is an offshoot, or “fork,” of Android OS, and version 5 parallels Android 5 (Lollipop), which came out with strong encryption for data stored on the device, very similar to that in iOS. But that encryption was always optional because of performance issues with certain Android models.
It’s possible that many Fire devices are too underpowered to run FDE effectively. Modern smartphones and tablets designed for robust use include hardware-based encryption chips that effectively eliminate the processing cost of layering strong protection. Given Amazon’s price points, most Fire devices perform encryption with the main CPU, and FDE might render those devices barely usable.
However, it’s not hypothetical that people and institutions of all stripes will attempt to gain access to our devices. It’s a good move on Amazon’s part to re-enable the encryption option, but I’d argue the company should go a step further.
On Fire devices capable of using encryption without hobbling performance, the Fire OS update should let users know it’s an option and suggest enabling it. And Amazon should be designing all its future devices with the extra few cents of circuitry necessary to allow default FDE without users paying the price.
Making devices fully encrypted by default is a user benefit. It may wind up requiring more customer service, but it’s the path all hardware needs to take—not just now, but years ago. Through its new update, Amazon can offer that retroactive option.