Above is mostly likely the reason Amazon posted the request not to encrypt the data.
I know Stablebit Clouddrive (which does client side encryption) have been struggling to get approval from Amazon, but this is due to excessive API requests, not client side encryption.
They want users to pour data into Amazon Drive and for that to be useful to any and all applications that connect to Amazon Drive.
If one app encrypts that data, then no other app can make sense of it.
Obviously client side encryption is an important part of using any kind of cloud storage, so disallowing it pretty much removes any potential use of Amazon drive for me. I have some photos I don't mind being stored unencrypted, but I have plenty I'd rather not allow any and every app to have access to.
> What if the customer choses to encrypt their data?
>> They can do that, and that is fine.
https://forums.developer.amazon.com/questions/54909/impact-o...
Unlimited cheap storage is probably a magnet for pirated videos. Encrypting (or just obfuscating) them would be an obvious step to avoid detection.
Doesn't make much sense either.
But, this is only for Amazon Drive storage. Which makes sense.
If you want to store encrypted personal stuff, dont use Amazon Drive. Clients like ARQ are definitely made for such cases (and are probably cheaper in the long run).
Sarcastically interpreting this directive as non-generously as it is worded: don't use SSL?
"With our updated RESTful API and SDKs for Android and iOS, Amazon Drive is moving to an invite-only developer offering to ensure we can provide a consistently viable service available for supported use-cases."
Clearly, they want to be able to spy user data.
You can easily summary this list of restrictions to:
DO NOT WRITE Amazon Drive APPLICATIONS!
Personnaly, I would never write an application that would not encrypt user data, including user credentials. Basically, most services don't even need to know who their users are (unless you implement dumb password recovery scheme that requires you to send an email to the user, you just don't need ever to know anything more than a hash instead of an email in the clear!).
1) they'd rather encryption didn't become widespread on the service because they want to spy on users (users encrypting things themselves is still fine, they say)
2) they don't want support calls from people who've lost really important files because your crappy app lost their key, and/or because the user lost it, because typical users cannot and never will be able to handle manual key management, but if you encourage them to do it they might try.
When Amazon says they can't do it they will ask for the source code or a vulnerability for the software that encrypted it. That will get bounced to the developer. Does Amazon want to get into that business of selling out the people making software for them?
An app like Cryptomator may use Amazon Drive APIs to encrypt data before it arrives in the Amazon Drive. Does that cover Cryptomator? Well, we don't know, because it's so vague.
It could also very well be a purposeful thing, if Amazon wants to data mine all the backed-up data. Plus, it may want to make it easier to give the data to law enforcement (or not get in trouble itself for having that data stored in an encrypted form), and so on.
>We want to give you some guidelines for apps not to build on the Amazon Drive platform to save you time in building something that will not be approved during the App Review process
