Tuesday, 10 June 2014

Kindle on Android - new permissions? Why? (Updated)

The following is an email that I just sent to Amazon Kindle support. It's self explanatory.

Dear Sir or Madam,
I have been a customer of Amazon for some time; I have also been a Kindle app user on my mobile phone for a while as well.

However, your recent update to the software is putting both of these in jeopardy of losing me as a customer, as they appear to be purely aimed at dredging out data and personal information to which you have no legitimate right.
Therefore, please specify why you need all the following application permissions for me to read e-books that I have paid for?

  • Device & app history - why do you need to know what applications are running on the phone in addition to the Kindle App?
  • Wi-Fi connection information - why do you need to view Wi-Fi connections? The phone can handle those quite effectively already.
  • Device ID & call information - Why do you need to see this personal information that has nothing to do with you? (read phone status and identity)
Thanks you for your time in this matter.

Here's the thing: It's a massive privacy invasion. Why? Because they're trawling for information that they appear not to have any legitimate need to know. The number of anyone you're talking to, for example "read phone status and identity").

They surely don't need to know the details of any wifi network you're on - suppose it belongs to someone else, and you're using it with the owners permission - does Amazon need to know this? Of course not.

Likewise, they don't need to know if you've been playing Angry Birds, or using a satnav, or whatnot.

Frankly, it's a symptom of several app producers over the last couple of years; those that haven't responded have found me no longer using their apps - I delete them. Those that reply, or state why they need addition app permissions on their Android Play pages generally keep my patronage.

The key here is openness. And Amazon have, to date, been remarkably closed about why they want these new permissions.

The only explanation that jumps to mind, is that they want to know everything about you, and as they haven't got a legitimate reason for asking for it, just add new permissions to the app, in the hope that you'll let them see your inside leg measurement without a second to review the new permissions.

I'll keep you updated on this once I receive an answer.


Well, Amazon replied while I was at work, so here's their reply. I've underlined the important bits, and my comments are below it.


We sincerely apologize about, first about these requirements when updating your Kindle app for Android, and second for all the inconvenience this may cause you. I fully understand your displeasure and I hope your satisfaction is our highest concern.

I know that this very disappointing to you but please be assured that we will not store any personal information from you nor get this information by agreeing to these requirements. The Kindle app just need to get access on these (Device and app history, Identity, Photo's/Media/Files, WiFi connection and information and Device ID and Call Information) so it will function well. These are the settings that mostly affect the app and we would like to ensure that the app will work best by requesting access to these.

As we've introduced this update, we are currently working on this Kindle app for easy access and better improvement of functions, thanks for bringing this to our notice. Please be assured that we will keep your account private and we will never get information from your phone----we value privacy highly above all else.

We are grateful to hear about this feedback that would help us improve the Kindle experience. Please be assured that we're continuously working hard to improve the Kindle apps.

Now your feedback about this was forwarded to the Kindle Development Team with the hope that their action on this concern will elicit a change in Kindle app update--I know they'll want to hear about your experience regarding this.

As with all of our products, we continue to make Kindle apps better for customers with regular software updates. As we've introduced a new software update recently, we are currently working on this update for easy access and better improvement of functions, as soon as this feature becomes available on the next software update, we will definitely let you know about this by emailing you or through our website.

Customer feedback like yours helps us in our endeavor to improve the service we provide, and we're glad you took time to write to us.

Thanks again for giving us the opportunity to improve. We look forward to see you again soon.

Please let us know if there is anything further we can do for you in the meanwhile.

Thanks for using Kindle.

Best regards,

OK. So as you can see, the meat of their reply is in the second paragraph, where they undertake not to access or store personal information and/or data.

The interesting upshot of this is that the Android Operating System appears to have some stability issues, if they need permissions like this to make a simple e-book application run with more reliably.

It'll be interesting to see how the yet-to-be-announced successor to Android KitKat fares.

In the mean time, I'm satisfied by both the speed of the Customer Services response, and the content of it, so I'll be updating my copy of the Kindle Android application.

It would have been MUCH better had they said this in the blurb for the app on the Google Play website, and hopefully, they're going about doing this as I write this, but at least the point has been made.


Pierre-Alexandre Sicart said...

I find those new permissions all the more intrusive that the Kindle app comes pre-installed on my device (Asus MemoPad HD 7) and *cannot* be uninstalled.

LeoB said...

Yes, the new permissions we have to give to the kindle android app some days ago was in my opinion a very strange move by Amazon. They tell us to read this list very carefully

Kindle new app permissions

I am looking forward to read the reply you get from Amazon.

Tom Semple said...

The new permissions are likely required to implement the new features. For example, it needs phone state to properly pause/resume playback of the new 'read and listen' feature. The other permissions may be in service of 'improved cross-device sync' and 'improved notifications'. Android needs to know up front which permissions to give the app, there is no mechanism for the user to pick and choose these. Sure, Amazon would do well to provide details on why the app needs the permissions it needs (as some developers do). But in the end it comes down to: Do you trust Amazon, or not?

I would argue that we can trust Amazon. This app is one of the most popular apps in the Google Play store, and has been for a very long time. It might be different with a small app publisher without any sort of track record.

Also I think we need to make a distinction between what the app needs to know in order to function properly, and what information is collected by Amazon. You may be conflating the two. Amazon has a privacy policy detailing the personal information they gather and what they do with it. I would suggest reading that over.

Roger said...

Folks -

Thanks for the comments and observations; you can see that they got back to me in rather short order; I'm none too sure if this is because of my blog, the Twitter repetition, or simply because they knew this was a hot potato that needed to be responded to in short order; whatever the reason, I'm happy they responded so quickly.

As to the permissions; I'm going to take them at face value as to why they say they need them; I would imagine there are enough white and black hat coders out there to dissect what Amazon actually takes, and to scream long and loud if they do more than they actually say they're going to.

It does, though, raise an important issue which I addressed in the update: If android is so screwed up inside that they *need* to gain these permissions to effectively operate such software (applications), what ELSE is wrong with the Android OS that they haven't yet fixed or addressed?

Bit worrying, that.