Replacing Fire OS’s encryption isn’t enough: Amazon should turn it on by default – Macworld


Fire OS 5, the latest version of the operating system that drives Amazon’s more sophisticated tablets, removed a full-device encryption option available in the previous release. Amazon says it was because few users enabled it, but that’s the wrong way to approach encryption. A few days after a kerfuffle arose, the company says it will restore the option in a month or two. It should do even more.

The story blew up last week after a security researcher pointed out a release note he’d read. Fire OS 5 shipped last fall, and Amazon users had been discussing the change on forums for months, but it was only with the release of this OS update to older Fire devices that the issue drew wide attention. The timing turned it viral, since it came just as Amazon filed a friend-of-the-court brief along with other tech companies in favor of Apple’s position in resisting the FBI’s All Writs Act request for a custom version of iOS.

Amazon ostensibly didn’t disable encryption because of fear of the U.S. or other governments. Rather, based on what the company has said and the timetable, it’s because this was a seldom-used feature that requires technical reasons to keep working. Why not toss something few are using? Well, because it aided users’ privacy.

Fortunately, the company is also listening to customers. Late Friday night, the firm sent out a statement to journalists: “We will return the option for full disk encryption with a Fire OS update coming this spring.”

I’d argue that Amazon should go a step further, and enable encryption by default on all Fire devices that are capable of handling the extra computational load, unless the user specifically opts out.

Encrypting everywhere

Full-disk encryption (FDE) refers to protecting the entire mountable file system of a disk drive, whether a hard drive or SSD in a computer, or flash memory in a smartphone or tablet. When a computer is shut down or a mobile device is locked, the drive or device has zero value to an attacker without the appropriate encryption key. (Running computers can be susceptible to key extraction, as the key is stored in RAM.)

On mobile operating systems, FDE is more appropriately called “full-device encryption,” because nearly all interaction with the device is limited until a password, PIN, or other method unlocks an encryption key, which allows the OS to decrypt and use the file system. (Apple has a bypass to perform OS and other upgrades without the passcode, but that’s one of the things the company is reportedly working on removing from future versions, in light of the FBI case.)
