Amazon knows exactly what you read, when you read it, how fast you read each page, what you highlight, and what you search for. Your Kindle is not a private reading device — it is a reading surveillance device that reports your entire reading life back to Amazon. Amazon says you can turn off reading data sync, but the fine print admits data collection continues anyway. The Kindle itself is designed to report your reading habits to Amazon — "disabling" sync only stops the data from going to your other devices, not from going to Amazon.
What they claim: Amazon markets Kindle as a personal, private reading experience. The Kindle Store Terms state the software collects "your last page read; content that you use, Distribute, or archive; your viewing data and search queries; and available memory, up-time, log files, and signal strength."
What we found: The Kindle companion app requests 60 permissions including ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, READ_PHONE_STATE, COLLECT_METRICS, AD_ID, MANAGE_DEVICE_AND_USER_DATA, and WRITE_USE_APP_FEATURE_SURVEY. It embeds Amazon Advertisement and Amazon Analytics trackers. Amazon tracks every page turn, reading speed, highlights, notes, and search queries — making reading habits one of the most comprehensively surveilled activities on a consumer device.
What they claim: Amazon Privacy Notice states: "We use your personal information to display interest-based ads for features, products, and services that might be of interest to you." Amazon sells "Special Offers" (ad-supported) Kindles at a lower price.
What we found: The Kindle app includes the AD_ID permission (advertising identifier tracking) and embeds the Amazon Advertisement tracker. The device hardware communicates with arcus-uswest.amazon.com and firs-ta-g7g.amazon.com endpoints. Customers who pay full price for an ad-free Kindle still have the advertising infrastructure built into the firmware and app — the AD_ID permission and Amazon Advertisement tracker are present regardless of which model you bought.
What they claim: The Kindle Paperwhite 11th Gen has Bluetooth 5.0 LE for audio output (connecting to Bluetooth headphones/speakers for Audible audiobooks). This is its only Bluetooth use case.
What we found: The Kindle app requests BLUETOOTH, BLUETOOTH_ADMIN, BLUETOOTH_ADVERTISE, BLUETOOTH_CONNECT, and BLUETOOTH_SCAN permissions — five Bluetooth permissions for a device that only needs to pair with audio output devices. BLUETOOTH_SCAN enables discovery of nearby Bluetooth devices (phones, laptops, wearables) and BLUETOOTH_ADVERTISE allows the device to broadcast its presence. These permissions enable Bluetooth-based location tracking and proximity detection far beyond connecting headphones.
What they claim: Amazon Privacy Notice states: "We are not in the business of selling our customers' personal information to others." The notice describes data sharing only with "third-party service providers" performing functions "on our behalf."
What we found: Amazon cross-references Kindle reading data with its broader ecosystem — shopping history, Alexa voice data, Ring camera footage, Whole Foods purchases, and browsing behavior. FTC charged Amazon in 2023 (settled for $25M) for retaining children's data indefinitely despite deletion requests. Mozilla notes Amazon doesn't need to sell data because they have "their own retail and advertising juggernaut" to exploit it internally. Reading habits reveal political views, health concerns, religious beliefs, and sexual interests — all cross-referenced with purchase behavior.
What they claim: Amazon markets Kindle as a safe, trusted reading device. The FCC compliance filing certifies the device meets safety requirements. Amazon states it uses personal information to "protect the security of our customers."
What we found: CVE-2021-30354 and CVE-2021-30355 (Check Point Research) demonstrated full device takeover via a malicious PDF ebook — heap overflow plus privilege escalation to root. The 2025 Black Hat Europe research demonstrated a separate attack chain via malicious Audible audiobook files — heap overflow in the AAX parser combined with keyboard service path traversal achieves root access and Amazon account hijacking. Both attack chains allow stealing Amazon credentials and session cookies. The Kindle stores Amazon account credentials that provide access to the user's entire Amazon account including payment methods.
What they claim: Amazon Privacy Notice says users have choices about data collection. The Kindle Store Terms state information is handled "in accordance with the Amazon.com Privacy Notice."
What we found: Kindle firmware updates are delivered automatically over Wi-Fi with no user opt-out. The device runs a custom, Linux-based Kindle OS controlled entirely by Amazon. Firmware updates can change what data is collected, add new tracking endpoints, or modify privacy behavior without user consent. The 2025 Black Hat Europe research showed that firmware version 5.17.1 had critical vulnerabilities — the forced update to 5.18.1/5.18.5 was necessary, but it demonstrates that Amazon has unilateral control over device behavior.
What they claim: Amazon offers a setting to disable Whispersync (reading position, notes, and highlights syncing). Amazon help page states users can "opt out of future collection of your reading data by disabling Whispersync."
What we found: Amazon's own documentation reveals: "if you use Kindle Web Reader after turning off Whispersync, all data generated while you use Kindle Web Reader will continue to save to Amazon's servers." The Kindle Store Terms confirm the software collects "your last page read; content that you use, Distribute, or archive; your viewing data and search queries" — this collection is a function of the Kindle Software itself, not just Whispersync. The device communicates with device-messaging-na.amazon.com and cognito-identity.us-east-1.amazonaws.com regardless of Whispersync settings.
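To check the endpoint claims above (and the arcus/firs hosts named earlier) on your own network, here is an added Python example that is not part of this page: it parses a dnsmasq/Pi-hole query log, attributes lookups to the Kindle's IP address, and reports which of the hosts the page lists were resolved plus any other amazon.com or amazonaws.com names, so it goes beyond the four listed hosts. The log lines, IP addresses and the "other-service" hostname are constructed.

```python
import re
from collections import defaultdict

# Hostnames this page reports the Kindle contacting; the last two are the ones it
# says are reached regardless of the Whispersync setting.
KNOWN_TELEMETRY_HOSTS = {
    "arcus-uswest.amazon.com",
    "firs-ta-g7g.amazon.com",
    "device-messaging-na.amazon.com",
    "cognito-identity.us-east-1.amazonaws.com",
}
# Broader sweep so endpoints the page does not list still surface.
AMAZON_SUFFIXES = (".amazon.com", ".amazonaws.com")

# dnsmasq (Pi-hole) query line: "... dnsmasq[pid]: query[A] <name> from <client-ip>"
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)")

def parse_queries(log_text):
    """Yield (client_ip, queried_name) for every dnsmasq query line; other lines are skipped."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("client"), m.group("name").rstrip(".").lower()

def classify(name):
    """'known' for a host the page lists (or a subdomain of it), 'amazon' for any other Amazon domain."""
    if name in KNOWN_TELEMETRY_HOSTS or any(name.endswith("." + h) for h in KNOWN_TELEMETRY_HOSTS):
        return "known"
    if name.endswith(AMAZON_SUFFIXES):
        return "amazon"
    return None

def amazon_contacts(log_text, kindle_ip):
    """Amazon hosts resolved by one client (the Kindle), grouped by category."""
    seen = defaultdict(set)
    for client, name in parse_queries(log_text):
        if client == kindle_ip and (cat := classify(name)):
            seen[cat].add(name)
    return {cat: sorted(hosts) for cat, hosts in seen.items()}

# Constructed sample log (not captured from a real device); 192.168.1.42 plays the Kindle.
SAMPLE_LOG = """\
Jan 12 21:03:44 dnsmasq[2231]: query[A] device-messaging-na.amazon.com from 192.168.1.42
Jan 12 21:03:44 dnsmasq[2231]: forwarded device-messaging-na.amazon.com to 9.9.9.9
Jan 12 21:03:45 dnsmasq[2231]: query[A] cognito-identity.us-east-1.amazonaws.com from 192.168.1.42
Jan 12 21:03:46 dnsmasq[2231]: query[AAAA] other-service.amazon.com from 192.168.1.42
Jan 12 21:04:01 dnsmasq[2231]: query[A] example.org from 192.168.1.42
Jan 12 21:04:02 dnsmasq[2231]: query[A] arcus-uswest.amazon.com from 192.168.1.77
"""
```

Run it against a log captured with Whispersync switched off; any host under "known" that still appears is traffic the sync setting did not stop.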
What they claim: The Kindle Paperwhite is an e-reader with no maps, navigation, or location-based features. Its core function is displaying text on an E Ink screen.
What we found: The Kindle app requests ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION permissions — GPS-level tracking on a device designed solely for reading books. The device has Wi-Fi and Bluetooth radios (confirmed by FCC filing) but no GPS hardware, meaning location is derived from Wi-Fi triangulation and Bluetooth scanning (BLUETOOTH_SCAN permission). There is no user-facing feature that requires knowing where you are when you read.
What they claim: Kindle Store Terms explicitly state: "Kindle Content is licensed, not sold, to you by the Content Provider." Amazon grants a "non-exclusive right to view, use, and display such Kindle Content" that can be terminated.
What we found: The Kindle Store Terms include: "Your rights under this Agreement will automatically terminate if you fail to comply with any term of this Agreement." Combined with Amazon's data collection of reading habits, highlights, and notes, this means Amazon can both monitor everything you read and revoke your access to your entire library. The Mozilla Foundation rated Kindle as "Somewhat creepy", noting Amazon's complicated, fragmented privacy policies spread across multiple documents.
What they claim: The Kindle Paperwhite is a Wi-Fi-only e-reader with no cellular modem, SIM card, or phone capability. It uses a MediaTek MT8113 processor designed for e-readers.
What we found: The Kindle companion app requests READ_PHONE_STATE and READ_BASIC_PHONE_STATE permissions, which can expose the device IMEI, phone number, carrier information, and call state. On a phone, these permissions allow identifying the specific device and its cellular identity. When the Kindle app runs on a phone (as a reading app), it gains access to telephony identifiers that have nothing to do with reading books — linking your reading habits to your phone identity.
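As an added example (not from this page, Amazon or the Kindle app), the Python audit below groups the location, telephony, Bluetooth and advertising/metrics permissions discussed in this and the earlier permission sections by whether the phone currently grants them, reading the output of `aapt dump permissions` (manifest requests) and `adb shell dumpsys package` (grant state), so a user can see which runtime grants to revoke. The tool output is a constructed excerpt in those tools' formats and the package name is a placeholder.

```python
import re
from collections import defaultdict

# Permission short names grouped by capability; package prefixes (android.permission., com.amazon.) are stripped.
CATEGORIES = {
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "telephony": {"READ_PHONE_STATE", "READ_BASIC_PHONE_STATE"},
    "bluetooth": {"BLUETOOTH", "BLUETOOTH_ADMIN", "BLUETOOTH_ADVERTISE", "BLUETOOTH_CONNECT", "BLUETOOTH_SCAN"},
    "ads_metrics": {"AD_ID", "COLLECT_METRICS", "MANAGE_DEVICE_AND_USER_DATA", "WRITE_USE_APP_FEATURE_SURVEY"},
}
# 'aapt dump permissions <apk>' lines, in both the old quoted form and the "name=" form.
AAPT_RE = re.compile(r"uses-permission:(?: name=)?'([^']+)'")
# 'adb shell dumpsys package <pkg>' permission lines: "<perm>: granted=true|false, ..."
DUMPSYS_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)", re.M)

def short(perm):
    return perm.rsplit(".", 1)[-1]

def category_of(perm):
    return next((c for c, names in CATEGORIES.items() if short(perm) in names), None)

def audit(aapt_output, dumpsys_output):
    """Per category: manifest-requested permissions, split by current grant state."""
    grants = {p: g == "true" for p, g in DUMPSYS_RE.findall(dumpsys_output)}
    report = defaultdict(lambda: {"granted": [], "not_granted": []})
    for perm in AAPT_RE.findall(aapt_output):
        cat = category_of(perm)
        if cat is not None:  # permissions outside the page's categories are ignored
            report[cat]["granted" if grants.get(perm) else "not_granted"].append(short(perm))
    return {c: {k: sorted(v) for k, v in d.items()} for c, d in report.items()}

# Constructed sample output (short excerpts in the real tools' formats, not a real dump).
SAMPLE_AAPT = """\
package: com.example.reader
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.BLUETOOTH_SCAN'
uses-permission: name='com.google.android.gms.permission.AD_ID'
"""
SAMPLE_DUMPSYS = """\
    install permissions:
      android.permission.INTERNET: granted=true
      com.google.android.gms.permission.AD_ID: granted=true
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
      android.permission.READ_PHONE_STATE: granted=true, flags=[ USER_SET ]
      android.permission.BLUETOOTH_SCAN: granted=true, flags=[ USER_SET ]
"""
```

Install-time permissions such as AD_ID are granted automatically and cannot be revoked from the permission settings, which is why they show as granted even when no runtime prompt was ever shown.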