I can see how this happened. They removed their own custom encryption system in preparation for the native encryption offered by Lollipop. For some strange reason they couldn't actually finish making that native encryption feature shippable (some last-minute show-stopper bug maybe?). But the old encryption code was not ported to Lollipop either, so essentially they ended up having two unusable encryption systems on their hands and deadlines looming. The end result can be seen here.<p>Of course this is purely speculation, but I see this sort of thing as a far more likely explanation than some nebulous collusion with NSA (Hanlon's razor etc.).
Don't buy an Amazon device while planning on rooting it and installing CyanogenMod or the equivalent, either. Starting with Fire OS 5.1.1 in December 2015, Amazon locked down the bootloader making such hacks considerably trickier. Here's a relevant thread at XDA forums:
<a href="http://forum.xda-developers.com/amazon-fire/development/amazon-fire-5th-gen-supertool-root-t3272695" rel="nofollow">http://forum.xda-developers.com/amazon-fire/development/amaz...</a><p>With moves like this, I'd guess it likely that Amazon continue to move in a direction unfriendly to users wanting full control over the devices they own.
While data isn't encrypted-by-default on AWS, this plants a flag in the ground on where Amazon stands in a way that does not sit well with me.<p>Given Amazon's stance here, I am disinclined to run infrastructure on their cloud. The USA is becoming less and less friendly as a place to operate a business.
I would buy the argument that this is a performance change, had they not already shipped with it on before. Encryption on Android is not usually a large bottleneck (measurable but not great) on such devices. I call BS on any claims of this being perf-motivated.
Amazon's most recent line of Kindle Fire tablets are horribly slow products. They sacrificed their hardware in order to make a super cheap tablet (which in my opinion is a mistake because it leads to poor user experience). I'm sure this is an attempt to get a little extra performance from these products.
> the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices.<p>Fire OS doesn't run on Kindle e-readers.
>Amazon is among several tech companies filing or joining amicus briefs in the Apple case.<p>I bet the wording in Amazon's amicus brief will be much weaker than that of Google and Facebook's.
People unfamiliar with full-device encryption on Android devices need to be aware of the following: until Marshmallow, it was <i>SLOW</i>. It was so bad that while Google recommended turning on encryption by default on Lollipop, they had to <i>back off</i> of the recommendation because full-disk encryption made the devices run like crap. [0] The reason suspected for this is that up to and including Lollipop, Android handsets did not support hardware-backed encryption/decryption, which meant it all had to be done in software. [1] This had the end result of putting huge overhead onto the device once FDE was turned on, and over time it would get slower and slower. Anecdotally, I tried encrypting my HTC One M7 a few years ago for security, and eventually I had to factory wipe the damn thing because the overhead got <i>so</i> bad that I would periodically turn on the screen and it would take so long for the phone to respond that the auto-idle would turn the screen back off before I was even presented with a lockscreen!<p>The M7's specs were nothing to scoff at in 2013. Given the incredibly limited specs of Amazon's tablets, however, I would not be surprised if encrypting them could slow them down further to the point of being unusable.<p>[0] <a href="http://arstechnica.com/gadgets/2015/03/google-quietly-backs-away-from-encrypting-new-lollipop-devices-by-default/" rel="nofollow">http://arstechnica.com/gadgets/2015/03/google-quietly-backs-...</a>
[1] <a href="http://www.androidpolice.com/2014/11/20/anandtech-posts-side-by-side-nand-performance-for-nexus-6-encrypted-vs-unencrypted-its-not-pretty/" rel="nofollow">http://www.androidpolice.com/2014/11/20/anandtech-posts-side...</a>
A lot of these devices are low-end so I can see that removing it is a two-fold benefit:<p>1.) Making friends with the NSA.
2.) Improving performance on their devices.
Considering Amazon's reputation and practices, I wouldn't be surprised if their system was broken or compromised, probably on purpose. Still, they're also forcing Kindle Keyboard users to upgrade their devices for them to keep functioning while giving them only weeks in which to do so, something which this wouldn't explain. I own almost a dozen Amazon devices and I can honestly say, every single one was a waste of money. It's not that I didn't read books and use the tablets, but the way Amazon treats its customers is only slightly better than guards treat inmates in jail (and in some cases, worse). And now, it looks like they're pretty much going to stop working altogether. If Amazon wants to keep its customers, it should probably stop threatening them and closing their accounts over made-up policies as well as stop bricking their devices (which is now imminent). But they simply just don't care.
I must admit, I am unsure how to properly encrypt phones anyway. Currently I am using a 4-digit PIN on my phone. Surely if an attacker had access to my phone, that would be trivial to crack. It seems unrealistic to use a lengthy PIN (10 digits or more?) to unlock my phone, because I have to do it so often.<p>What is a good solution? Perhaps sensitive applications have to encrypt their own data, so that I can access most of the phone functionality with the short PIN, but need a longer password to access certain data. No dice with the address book, though :-(<p>(I don't trust fingerprints, because they seem tricky to keep secret - my latest phone also says that fingerprints may be less secure than a good PIN).
It's an interesting approach if encryption is available as a 3rd party option. It means that they deflect liability; especially if the 3rd party is an easily installed app provided by a shell company.
> The company did not respond to a request for comment about its Fire OS encryption change.<p>It's clear these comments are going to be a wave of negative speculation but I find it hard to believe that Amazon has done this to make their devices easier to hack by the three letter agencies.<p>I would love to hear some kind of comment from anyone at Amazon who knows why they did this.
Does this have anything to do with it? <a href="https://aws.amazon.com/govcloud-us/" rel="nofollow">https://aws.amazon.com/govcloud-us/</a>