The change came to light recently but was implemented last fall, long before the FBI ordered Apple to unlock the iPhone of a San Bernardino shooter. The loss of support for encryption was noticed by EFF member David Scovetta in a tweet this week. Scovetta spotted a page in the tablet’s user manual warning that encryption is deprecated as of Fire OS 5.
Amazon told TechCrunch it removed encryption from Fire OS 5 because it found that customers weren’t using the feature enough to warrant its existence. “In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using,” the company said. “All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.”
Despite the explanation, it remains unclear why Amazon would abandon encryption altogether. Although used infrequently, it is an important feature to many people, protecting the files they store on their tablet and providing security in the event it is lost or stolen.
Amazon has been criticized by some users for being scared away from encryption by Apple’s case against the FBI. Although it may appear as though Amazon is trying to ensure it doesn’t end up in the same situation, forced to unlock a customer’s device, it should be remembered the change was made months ago before the U.S. government ruled against Apple.
Amazon recently sent a strong indication it is on Apple’s side in the case, signing a “friend of the court” amicus brief alongside tech companies including Google, Microsoft, Facebook, Mozilla and more. Removing device encryption from its own products hasn’t helped it to emphasise its position though, leaving users more vulnerable to hacking.
Amazon is still encrypting data transfers over the Internet from Fire tablets to remote servers. The files a user creates, such as sensitive documents, app settings and photos, are no longer encrypted though, making it much easier for a hacker to access them. Encryption garbles the data inside files, forcing an attacker to find the algorithm required to restore a file to a usable state after it is stolen from a device.
Amazon hasn’t elaborated on why it has decided to take a step backwards on device security. One reason could be that encryption was slowing the cheaper Fire tablets down as more work is required to read and write files with the feature enabled. Even so, customers could still expect a toggle to turn encryption back on, similar to the implementation of device encryption on Android, rather than having it taken away entirely.