I saw that Amazon disabled the some of the "enterprise features" on its phones and tablets, including the native...
encryption capabilities. What does this mean for those devices? And now that native encryption has been removed, what tools, if any, are available to add encryption back?
Fire OS 5 is the latest version of Amazon's Android-based mobile operating system used by the Fire Phone and Kindle Fire range of tablets. Fire OS is a fork of Android, based on the Android Open Source Project code, with a heavily customized user interface and its own app store. Although the Amazon Fire OS 5 was released last year, it has only recently come to public notice that it doesn't offer the option of encrypting the device's contents. Earlier versions had an encryption function that allowed users to encrypt their entire device with a PIN that would erase all their data if entered incorrectly 30 times in a row. Users with older devices are now able to upgrade to Fire OS 5, which is why the lack of local device encryption has come to light.
Amazon said that it removed the encryption feature because so few people actually used it. Data exchanged between Fire devices and Amazon's secure servers are still encrypted, but while it is stored on the device it remains in plaintext, leaving it vulnerable should the device be lost, stolen or compromised. Although people mostly use Fire devices for entertainment, they still contain personal data such as information regarding the user's Amazon account, including payment details and possibly their email accounts. The lack of encryption makes the devices running the Amazon Fire OS 5 more attractive to thieves and certainly rules them out of being used for work-related tasks.
Following numerous complaints from users, Amazon said that it will return the option for full disk encryption with an upcoming Fire OS update. Until then, administrators should update network access control solutions to prevent devices running Fire OS 5 from joining the network. Until the update is available, users should not store any sensitive data -- personal or business -- on their device. Those with devices running earlier versions of Fire can delay upgrading until the new update is available, though this could create its own security patching issues should a vulnerability come to light in an earlier version of the Fire OS.
Although few people may use encryption on their personal devices, it is an essential safeguard for those who take their data privacy seriously. The best setup is for encryption to be on by default. Some older devices may slow down when handling the extra computational load, but even so, users should always be able to make an informed choice as to whether to encrypt their data or not.
Compare the security features of the top mobile OSes
Learn how to differentiate between mobile operating systems
Find out what problems accompany Android fragmentation
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Michael Cobb
WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work ... Continue Reading
Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking ... Continue Reading
Compared to TLS 1.2, TLS 1.3 saw improvements in security, performance and privacy. Learn how TLS 1.3 eliminated vulnerabilities using cryptographic ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.