
Amazon confirms it has dropped device encryption support for its Fire Tablets - dineshp2
http://techcrunch.com/2016/03/04/amazon-confirms-it-has-dropped-device-encryption-for-its-fire-tablets/
======
jmiserez
Yesterday's discussion here:
[https://news.ycombinator.com/item?id=11218427](https://news.ycombinator.com/item?id=11218427)

------
edderly
Full disk encryption isn't really that much of a big deal for the average user
on a lot of modern mobile SoCs. The messaging of this is a lot worse than the
security implication in practice.

Full disk encryption doesn't protect you against most 'normal' security
attacks like privilege escalation, because once an attacker has gained that
privilege they can read any data off the mounted encrypted file-system.

The way FDE works is that you're encrypting the blocks stored on the physical
storage eMMC[1], so if someone gets their hands on your device and physically
tampers with it, in theory, with enough skill and fiddly soldering and wiring
to an SD card adapter you could access the data.

However, many SoCs stack the eMMC on top of the application processor
directly, look up package on package or "POP". This means you can't even
access any pins to wire up an adapter without "extremely" specialized
equipment. We're talking about slicing a layer off the chip package without
damaging it.

[1] I've left out physical SD cards because until recently there was no facility
to encrypt your data in a cross-platform compatible way on these devices.
Android treats SD cards as plain unencrypted FAT/exFAT storage by default
anyway.

------
liquidise
Hopefully the market reacts accordingly.

It can be hard to gauge public opinion from the HN echo chamber, but the Apple
case is causing national awareness of this important issue. The real question
is: will consumers make decisions in the next 6, 12, 24 months based on the
information they hear about these devices? I'd like to say yes, but I suspect
the answer is no.

~~~
guyzero
Fire tablets are $50 devices tied to Amazon accounts that people buy so their
children can watch videos on a borderline-disposable device.

Tell me where encryption fits into that use case.

~~~
izacus
Wherever the user wants it to. You're essentially saying the users of those
tablets shouldn't be able to protect them just because you can't see a use case
beyond "only children are using it".

~~~
guyzero
There are lots of other tablets. The Fire Tablet team has a finite amount of
developer time to build features for their target users. Encryption is clearly
not a feature they feel it's worth working on.

With security features it's probably better to drop them rather than implement
them poorly.

~~~
philjohn
FireOS is a heavily skinned Android. That's it. Supporting it is free as FDE
is built into Android.

As someone else said, this is probably because their hardware is somewhat
lacklustre (it's a $50 tablet, after all) and therefore the performance hit
was hurting the end user experience to an unacceptable level.

------
notlisted
Meh. For me this is such a non-issue. While very privacy-conscious in general,
since my very bad experience with an encrypted backup drive, a lost
password/passphrase, and losing 2 years of data/photos as a result, I've
cooled on full-device encryption.

Sure, it's preventable, and it was my own stupid fault, but I bet it happens
to a lot of people and it caused them, and Amazon, more heartache than the
added level of 'security' encryption would provide. "What do you mean, you
can't retrieve my data? You made this thing! Can't you reset the password?"

~~~
jethro_tell
This isn't a bad point. It's also worth noting that as a whole Android hasn't
been the most secure, and FDE only works while the phone is off or storage is
unmounted, which may be important for some, but most average users don't really
ever turn the devices off. So if you're running FDE and you get a Stagefright
drive-by, it's for naught.

Making a device more secure when it's off has marginal utility to most
customers that aren't on hacker news. And those customers probably don't
outweigh the support issues associated with FDE for everyone.
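
An added example, not written by any commenter in this thread: a shell check for the point edderly and jethro_tell both make, that an FDE device whose /data is mounted is already unlocked and serves plaintext to any sufficiently privileged process. The sample inputs are constructed; `ro.crypto.state` and `ro.crypto.type` are Android properties, and treating a tmpfs /data as "still locked" is a heuristic based on how Android FDE boots before the passphrase is entered.

```shell
#!/bin/sh
# Classify at-rest protection from `getprop` output and /proc/mounts text.
# On a real device the two inputs would come from:
#   adb shell getprop    and    adb shell cat /proc/mounts

# Print the value of one property from lines shaped like "[key]: [value]".
prop_value() {  # $1 = getprop dump, $2 = property name
    printf '%s\n' "$1" | tr -d '\r' |
        awk -v key="[$2]:" '$1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# Print the device that backs /data according to /proc/mounts text.
data_device() {  # $1 = /proc/mounts contents
    printf '%s\n' "$1" | tr -d '\r' | awk '$2 == "/data" { print $1; exit }'
}

# Combine both views into one verdict string.
fde_status() {  # $1 = getprop dump, $2 = /proc/mounts contents
    state=$(prop_value "$1" ro.crypto.state)
    ctype=$(prop_value "$1" ro.crypto.type)
    dev=$(data_device "$2")
    case "$state" in
        encrypted)
            # No /data yet, or a tmpfs placeholder: key not supplied, data locked.
            if [ -z "$dev" ] || [ "$dev" = "tmpfs" ]; then
                echo "encrypted(${ctype:-unknown}),locked"
            else
                # Real /data is mounted: the kernel decrypts transparently, so
                # disk encryption no longer stands between a process and the data.
                echo "encrypted(${ctype:-unknown}),unlocked:$dev"
            fi ;;
        unencrypted|unsupported)
            echo "plaintext-at-rest:${dev:-unmounted}" ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample inputs (not captured from a real device).
SAMPLE_PROPS='[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]'
SAMPLE_MOUNTS_UNLOCKED='/dev/block/dm-0 /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0'
SAMPLE_MOUNTS_LOCKED='tmpfs /data tmpfs rw,seclabel,relatime 0 0'
SAMPLE_PROPS_PLAIN='[ro.crypto.state]: [unencrypted]'
SAMPLE_MOUNTS_PLAIN='/dev/block/mmcblk0p28 /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0'

fde_status "$SAMPLE_PROPS" "$SAMPLE_MOUNTS_UNLOCKED"
fde_status "$SAMPLE_PROPS" "$SAMPLE_MOUNTS_LOCKED"
fde_status "$SAMPLE_PROPS_PLAIN" "$SAMPLE_MOUNTS_PLAIN"
```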

------
jakub_g
Meanwhile (I posted 3hrs ago but it got no traction)

[https://news.ycombinator.com/item?id=11223185](https://news.ycombinator.com/item?id=11223185)
[http://www.thelocal.fr/20160304/french-mps-back-fines-for-ap...](http://www.thelocal.fr/20160304/french-mps-back-fines-for-apple-unless-it-unlocks-phones)

> French parliamentary deputies, defying government wishes, on Thursday voted
> in favour of penalising smartphone makers who fail to cooperate in terrorism
> inquiries

------
mhaymo
> Claiming users weren’t using the encryption feature, and therefore that
> encryption is unnecessary, is of course a disingenuous argument on Amazon’s
> part. Users also hate using strong passwords — is Amazon going to encourage
> users to ditch those too?

I think it's TechCrunch that's being disingenuous here. Disk encryption is a
feature, and has performance, maintenance and UX costs, unlike allowing strong
passwords.

------
AdmiralAsshat
Since this is now front page and last night's thread on this has fallen off,
I'll repost what I said there, supporting the theory that encryption might
actually have been turned off for performance:

People unfamiliar with full-device encryption on Android devices need to be
aware of the following: until Marshmallow, it was _SLOW_. It was so bad that
while Google recommended turning on encryption by default on Lollipop, they
had to back off of the recommendation because full-disk encryption made the
devices run like crap. [0] The reason suspected for this is that up to and
including Lollipop, Android handsets did not support hardware-backed
encryption/decryption, which meant it all had to be done in software.[1] This
had the end result of putting huge overhead onto the device once FDE was
turned on, and over time its performance would continue to degrade.
Anecdotally, I tried encrypting my HTC One M7 a few years ago when it was my
daily driver, and eventually I had to factory wipe the damn thing to turn it
off. The overhead with encryption on got _so_ bad that I would periodically
turn on the screen, and it would take so long for the phone to respond that
the auto-idle would turn the screen back off before I was even presented with
a lockscreen!

The M7's specs were top shelf in 2013. Given the limited specs of Amazon's
cheaper tablets, I would not be surprised if encrypting them could slow them
down further to the point of being unusable.

[0] [http://www.androidpolice.com/2014/11/20/anandtech-posts-side...](http://www.androidpolice.com/2014/11/20/anandtech-posts-side-by-side-nand-performance-for-nexus-6-encrypted-vs-unencrypted-its-not-pretty/)
[1] [http://www.androidpolice.com/2014/11/20/anandtech-posts-side...](http://www.androidpolice.com/2014/11/20/anandtech-posts-side..).

EDIT: Removed the aside, since I was mistaken that the Kindle reader OS's were
affected.

~~~
curt15
What I find quite strange is why no Android device seems to use a dedicated
hardware encryption module to reduce overhead like iPhones have had since the
3GS. Even security-focused devices like the Blackphone are crippled by the
lack of crypto acceleration
([http://arstechnica.com/gadgets/2015/09/paranoid-android-redu...](http://arstechnica.com/gadgets/2015/09/paranoid-android-redux-going-dark-with-silent-circles-blackphone-2/)).
In comparison, iDevices are screaming fast even when fully encrypted (take a
look at the storage numbers here
[http://www.anandtech.com/show/9686/the-apple-iphone-6s-and-i...](http://www.anandtech.com/show/9686/the-apple-iphone-6s-and-iphone-6s-plus-review/7)).

~~~
yeukhon
Is there a source to confirm iPhone is equipped with HSM? One theory is the
low-end devices want to reduce cost, and furthermore, Android devices are
manufactured and sold by more than one company. But you can argue the weakest
will eventually participate or die.

~~~
kossae
There are more details on the HSM in the iOS security guide here.
[https://www.apple.com/business/docs/iOS_Security_Guide.pdf](https://www.apple.com/business/docs/iOS_Security_Guide.pdf)

~~~
yeukhon
This is HSM on the iPhone itself, or on the cloud side?

~~~
Karunamon
The phone itself. All of the encryption is done in hardware, not just for
performance, but for resistance against physical attacks. The dedicated
processor is nothing short of Fort-Knox-like if that paper is to be believed
fully.

