Are you considering a new smartphone? If you are, Amazon’s Fire phone might be high on your list. But hold on a minute: there are five privacy reasons why this might not be a good idea…
The Amazon Smartphone is likely to be ubiquitous this Christmas, pushed every time you order gifts on Amazon. It’s likely to end up in the hands of older relatives and kids, too, providing the company with a vast new customer base.
But what else will Amazon get out of it?
There is the very strong possibility that one of the new features introduced on the Fire, Firefly, will enable Amazon to collect an unprecedented volume of data about each device owner. This is bad.
Sadly, it’s not the only privacy and security issue with the Amazon Fire.
What Is The Amazon Fire?
In case you’re unaware, the Amazon Fire is a new smartphone set to be released by Amazon in the final quarter of 2014. Like the Kindle Fire series of tablets before it (launched back in 2011 with the original Kindle Fire, which was a little tricky to setup), it uses a forked Android operating system and is married to the Amazon ecosystem rather than the Android ecosystem.
One result of this is a lack of the Android store on Google Play (see below) but in its place is the Amazon App Store (which features many high profile apps). Similarly, while there is no Google Now, no Google Maps or Music, there is access to various Amazon services, like Amazon Music and Amazon Maps. Meanwhile, like the Kindle Fire devices, finding books and products to potentially buy using the Fire phone is going to be extremely easy.
The presentation from Jeff Bezos below will explain the device in considerable detail.
All of this might sound quite thrilling, and the successful marriage of a phone to an online store certainly seems intriguing. However, there are problems, security vulnerabilities and privacy issues that you should consider.
The Operating System
The first thing you will see with the Fire phone is the Fire OS 3.5 operating system, based on Android 4.2. Although, there are plans to release a version based on Android 4.4.
This, however, is one of the main problems – you’ll be using a brand new phone sporting an older version of Android. For many, this might not be a major concern, but as each version of Android features security fixes, you would think that having the most up-to-date release of the OS – or a fork of that – would be the best plan.
Updates on the Kindle Fire tablets are usually forced too, which means any security holes in the Fire OS that have been overlooked are applied regardless of whether the user wants the update or not. Will the same procedure for updating be applied on the Fire phone? It seems likely.
A second problem with the Fire OS is the browser. Silk Browser is based on Chromium, and relies heavily on the Amazon Cloud to decrease load times for the vast majority of websites. This feature alone has raised some eyebrows.
Browsers have long been considered a target for attackers to gain control of computers and other devices. At present the Kindle Fire isn’t widely used enough for hackers to turn their attention to the Silk Browser, but with the introduction of the Amazon Fire phone, the possibility of increased use of Silk could result in vulnerabilities being discovered and manipulated by attackers.
Naturally, Amazon will be expected to deal with these vulnerabilities, but at this stage it is inexperienced in addressing such security threats.
Firefly: Storing YOU In The Cloud
Probably the biggest user privacy concern with the Amazon Fire smartphone is Firefly, a sort of metadata archive that delivers a considerable amount of information about you to Amazon.
Firefly is ostensibly a tool to help Amazon find things you’re interested in, while also acting as a tool for recognizing music (think Shazam, the popular app for telling you the name of the song you can currently hear on the radio), products and TV shows and scanning QR codes and URLs.
What this means is that any and all information collected by the device’s camera, microphone and GPS will be remotely stored, where it can then be used by app developers. We’re talking metadata concerning everything that can be seen in an image, from games and glasses to books and building blocks. The implications of this volume of metadata being available in this way are as yet unclear, but the lock screen button that enables Firefly to launch the camera is itself a particular security risk.
For instance, what might happen if the Firefly tool snapped a URL that used a hack that might crash the phone or prompt it to download malware? Or for a more likely scenario, how would you feel if your Amazon profile was screwed up by people taking photos with your phone of random items you’re not interested in? Another concern has been that users might accidentally buy items, but apparently there are safeguards to prevent this from happening.
We should point out that the Firefly system and the main camera app are kept separate; also, any photos and videos you take will remain private.
Firefly seems to be a huge problem for security advocates, and until Amazon clarifies the issues, this alone is a very good reason to avoid the Fire phone.
Selling With A 3D Illusion: Photographing You, Always
If you thought Firefly was enough of a reason to skip the Fire phone, don’t overlook Dynamic Perspective, a tool that will give you a 3D view of items you’re looking at on the Amazon store.
This is achieved by using the phone’s gyroscope to determine the orientation of the device and four cameras to record where your eyes are. Combining this information will enable the phone to display an object in three dimensions as if you were looking at it in person.
The images of your face are apparently not stored. They would, after all, take up a lot of space on your device, and it is unlikely that Amazon would want to maintain vast archives of its customers’ faces, but it is not beyond the realm of possibility (particularly following what we’ve learned following the Snowden revelations) that a malicious hacker or government agency might hack into your device to view you.
Incidentally, this feature also works in the dark.
Want Google Apps? Go Elsewhere
If you’re still planning on an Amazon Fire phone, the fact that you’re running a device based on Android will probably prompt you to wonder if you can install Google Maps or one of the search giant’s other popular apps.
Well, you can, but you’ll have to go elsewhere. There are no Google apps on the Amazon App Store. This doesn’t necessarily mean that Google Play is better, however.
This means that you potentially open your phone up to malware by installing apps from unapproved locations, third party Android app stores that don’t have the same controls in place as the Amazon App Store and Google Play.
To avoid this, you’ll need to ensure you’re using what we consider to be safe Google Play alternatives, ones that are reliable and offer the same up-to-date apps as Google Play. You’ll also need to know how to install these apps on your phone.
A Great Smartphone, Or A Security Nightmare?
The Amazon Fire seems like a good idea. Being able to scan barcodes and photograph items while you’re out and about to get instant price comparisons and make a quick Amazon purchase seems like a great idea. Sadly, the information Amazon requires for this system to become a reality is simply too great.
At this stage, whether the device makes calls well or maintains its connection to the Internet is irrelevant. The reviews will come in over the next few months, but how many of these will focus on the security concerns?
Whatever the case, we’re advising that if you care for your online privacy and security, you should avoid buying an Amazon Fire phone.
If you do find yourself owning one, installing a custom ROM based on a more secure version of Android would be the safest option, but you’ll have to wait for one to be released first.
What do you think of Amazon’s new phone? Do you feel the integration with the Amazon ecosystem is too great, or are you nonplussed by the privacy concerns? Share your thoughts in the comments box.