I saw that Amazon disabled the some of the "enterprise features" on its phones and tablets, including the native...
encryption capabilities. What does this mean for those devices? And now that native encryption has been removed, what tools, if any, are available to add encryption back?
Fire OS 5 is the latest version of Amazon's Android-based mobile operating system used by the Fire Phone and Kindle Fire range of tablets. Fire OS is a fork of Android, based on the Android Open Source Project code, with a heavily customized user interface and its own app store. Although the Amazon Fire OS 5 was released last year, it has only recently come to public notice that it doesn't offer the option of encrypting the device's contents. Earlier versions had an encryption function that allowed users to encrypt their entire device with a PIN that would erase all their data if entered incorrectly 30 times in a row. Users with older devices are now able to upgrade to Fire OS 5, which is why the lack of local device encryption has come to light.
Amazon said that it removed the encryption feature because so few people actually used it. Data exchanged between Fire devices and Amazon's secure servers are still encrypted, but while it is stored on the device it remains in plaintext, leaving it vulnerable should the device be lost, stolen or compromised. Although people mostly use Fire devices for entertainment, they still contain personal data such as information regarding the user's Amazon account, including payment details and possibly their email accounts. The lack of encryption makes the devices running the Amazon Fire OS 5 more attractive to thieves and certainly rules them out of being used for work-related tasks.
Following numerous complaints from users, Amazon said that it will return the option for full disk encryption with an upcoming Fire OS update. Until then, administrators should update network access control solutions to prevent devices running Fire OS 5 from joining the network. Until the update is available, users should not store any sensitive data -- personal or business -- on their device. Those with devices running earlier versions of Fire can delay upgrading until the new update is available, though this could create its own security patching issues should a vulnerability come to light in an earlier version of the Fire OS.
Although few people may use encryption on their personal devices, it is an essential safeguard for those who take their data privacy seriously. The best setup is for encryption to be on by default. Some older devices may slow down when handling the extra computational load, but even so, users should always be able to make an informed choice as to whether to encrypt their data or not.
Compare the security features of the top mobile OSes
Learn how to differentiate between mobile operating systems
Find out what problems accompany Android fragmentation
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Michael Cobb
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading