* * *
Today’s post is brought to you by ESET Smart Security, the tech security product I’ve used for years and love. Advertisers make it possible for Digital Media Mom to bring you great content each day for free, so thanks for your support.
* * *
Note: Kindle Fire HDX owners, please see this more recent post, which is specific to the HDX line – Kindle Fire HDX Antivirus: Do You Need It?
In a word, at this point in time (October 2014), assuming you haven’t hacked your Fire and don’t “sideload” apps to it, no. Not really.
While it’s true that the Kindle Fire runs on the Android platform, and there have been numerous reports of hackers targeting phones that run on the Android platform, that doesn’t mean they’re also targeting your Kindle Fire. Here are the reasons why:
The Kindle Fire runs on a custom, Amazon-proprietary version of Android. The only people who would know how to write a malicious program or script that could run on the Fire’s custom version of Android are the software engineers who helped to create it. Disgruntled employees are not rare, but this factor alone prevents existing malware collectives from easily exploiting the Kindle Fire as a platform for spreading their wares. And if a disgruntled employee from Amazon were to attempt some kind of attack, she’d still be stymied by numerous other factors. Read on.
Hackers target Android phones in order to make bogus charges to those phones’ billing statements. The bogus charges are paid to—big surprise—the hacker or his employer, usually located somewhere offshore where they’re impossible to locate or prosecute. Since all versions of the Kindle Fire currently on the market are not capable of making calls, this type of hack is not applicable to the Kindle Fire.
While it’s true that hackers could theoretically find a way to tack bogus charges on to the monthly data plan employed on the Kindle Fire 4G, this is not too likely because the key to success for hackers is proliferation: maximizing the spread of the malware. See the next item on this list, below.
The Kindle Fire is not a proliferation-friendly device. At present, Kindle Fires cannot communicate directly with one another, nor with any other mobile devices. In fact, the only way a Fire can communicate directly with another computing device is via USB cable, when you connect it to your computer, or via Bluetooth for voice and audio purposes.* Hacks designed to work on the Fire’s custom version of Android will not work on a Windows PC or a Mac.
*6/13/13 UPDATE: there are now some apps available that allow for file transfers or video/audio streaming from other computing devices to and from your Fire via a wifi connection. But again, since any malware designed to attack your Fire wouldn’t work on some other device (and vice-versa), regardless of wifi connection capability the Fire still isn’t a proliferation-friendly device for malware.
A clever hacker might think he could stash some Windows or Mac malware on your Fire and then unleash it next time you connect to your PC, but it’s not a very effective attack since all PCs and Macs are different and many Kindle Fire owners never connect via USB at all. Typically, malware creators send out automated robots online that seek out the PCs and/or Macs that are already in the optimal configuration to hide and spread their malicious programs. Arranging to have the malicious programs stow away on a Fire would take a lot of work, and quite often would fail to get the desired results.
Anyway, that type of attack would have no effect on your Fire. At the point where malware is transferred from your Fire or any other device to your PC or Mac, it’s your PC or Mac’s virus/malware protection software that needs to take over because it’s your PC or Mac that’s at risk.
Amazon vets all apps for malware before listing them in its Amazon App Store has numerous examples of malware in its app catalog, if you read such reports in full you’ll find what they’re really talking about is “bloatware”, not malware. Bloatware is a largely useless piece of software (or app) that claims to provide some useful functionality (like extending battery life) when in fact most of what it does is push advertising on you or collect data about your device and internet usage to sell to marketers. Malware, on the other hand, actually does damage to the devices it attacks, whether in the form of bogus phone charges, data theft and/or destruction, or even hardware damage.
The best way to avoid bloatware is to check user reviews and permissions requirements before buying or downloading a new app. Apps that demand permissions that don’t seem to be necessary for the functionality the app provides are highly suspicious. To learn more about all the types of permissions apps may require and what each one means, see this article on Technically Personal.
So long as you’re only getting your apps from the Amazon App Store and you’re not hacking your Fire’s software, you’re being about as safe as you can be. “Sideloading” apps means manually copying apps from sources other than the Amazon App Store onto your Fire. That kind of activity definitely opens a door for possible malware attacks, as does hacking your Fire.
Since Amazon is greatly invested in ensuring Fire owners use and love their devices, Amazon is just as greatly invested in preventing any kind of malware attacks on the Fire. If you only ever get your apps from Amazon and don’t hack your device, you are doing about as much as you possibly can to prevent a malware attack on your Fire.
The Kindle Fire doesn’t have the multi-tasking, multi-threading capabilities malware requires to do its work. You may have noticed that it’s impossible to have more than one “window” open on your Fire at any given time. While it is possible to play music in the background while you use the Fire for other tasks, you can never have another window open and running in the background while you’re doing something else in a different window. Malware needs the capability of running another window in the background without your becoming aware of it in order to do its dirty work. Any script that needs to open your Fire’s browser or mail program can only open one or the other of those windows, and the instant it does so, you will know about it because whatever you were doing at the time will immediately come to a halt when the new window opens.
When the first Kindle Fire malware attack inevitably occurs, if history is any indication, it will be via a previously unknown or unexpected avenue. Hackers are absolute geniuses at finding and exploiting software vulnerabilities, and it’s probably only a matter of time before they find a way to make use of the Kindle Fire for their dastardly purposes. However, hackers are also very much aware of existing antivirus / anti-malware technology, and all significant attacks of the past have always exploited an opening that no antivirus / anti-malware software ever saw coming.
Bottom line: if having an antivirus program on your Fire eases your mind, or you’ve found such an app that provides some additional functionality you’d like to have, then go ahead and get an antivirus app for your Fire. But you don’t really need it, and it most definitely will not protect your Fire from future hacks.
This is a reprint of an article I originally wrote for Kindle Fire on Kindle Nation Daily. It is provided here in its entirety with that site’s permission.
* * *
ESET Smart Security is the preferred antivirus/security software of many tech professionals, including me, but it’s very easy to use and is designed with non-techie consumers in mind. I’ve been using it for over five years, and in all that time I’ve never had a security breach or malware problem. Better yet, ESET software is currently being offered at a discount of up to 70% off on Amazon. A 1-user version is currently on sale for $18 (70% off), and the 3-user version is currently priced at just $33 (59% off), both for a full 1-year subscription that includes all updates. I renew my 3-user ESET subscription every year at full price and I think it’s totally worth the money, so if prices are back up to full retail by the time you’re reading this, ESET is STILL a great value.
* * *