Just a heads up on something I've discovered about the Kindle and Amazon Shopping App on my android tablet. If you don't have either of these then you don't have a problem.
On my tablet I have the Kindle App. Recently Amazon have stopped the ability to buy books via the App (siting Google charging too much as being the problem). Now you have to buy the books through the web site but can still download them to your devices.
Just out of interest I loaded the Amazon Shopping App onto the same tablet that Kindle is on. I wanted to see if you could buy the books through that - you can't.
The real security concern I have is that once the shopping app was installed and I ran it, it logged me in directly without asking for username, password or wanting the 2FA code I normally receive through the web page before I can get in.
This means that without any further checks I could see my account details, addresses, orders and even cards used for payments - although not the complete number. I could even create further delivery addresses or add new cards.
I've had a lengthy 'chat' with Amazon and we tried a few things. If I log out of the shopping app it also logs me out of the Kindle app - and I lose all my downloads and current positions in books. If I then log into the Kindle App it will also log me in to the shopping app. The two are linked.
I'm awaiting a call from Amazon to follow up on this and will let you know the outcome.
The concern is that if my tablet is stolen while unlocked then the Amazon Shopping App is open to all. My wife and daughters also have the Kindle App registered to my account. Should they install the Amazon Shopping App then they will be able to use my account for anything and should they have their tablets stolen, once again the app is open to all.
Not good in my opinion.
On my tablet I have the Kindle App. Recently Amazon have stopped the ability to buy books via the App (siting Google charging too much as being the problem). Now you have to buy the books through the web site but can still download them to your devices.
Just out of interest I loaded the Amazon Shopping App onto the same tablet that Kindle is on. I wanted to see if you could buy the books through that - you can't.
The real security concern I have is that once the shopping app was installed and I ran it, it logged me in directly without asking for username, password or wanting the 2FA code I normally receive through the web page before I can get in.
This means that without any further checks I could see my account details, addresses, orders and even cards used for payments - although not the complete number. I could even create further delivery addresses or add new cards.
I've had a lengthy 'chat' with Amazon and we tried a few things. If I log out of the shopping app it also logs me out of the Kindle app - and I lose all my downloads and current positions in books. If I then log into the Kindle App it will also log me in to the shopping app. The two are linked.
I'm awaiting a call from Amazon to follow up on this and will let you know the outcome.
The concern is that if my tablet is stolen while unlocked then the Amazon Shopping App is open to all. My wife and daughters also have the Kindle App registered to my account. Should they install the Amazon Shopping App then they will be able to use my account for anything and should they have their tablets stolen, once again the app is open to all.
Not good in my opinion.