As I continue dissecting Fire TV and Fire TV Stick software update 18.104.22.168, I’ve discovered a new system app dedicated to disabling blacklisted apps that Amazon doesn’t want installed. The app is humorously named “Not In My House” and has a package name of com.amazon.tv.nimh. When Amazon first introduced an app blacklist in software version 22.214.171.124, and used it to disable FireStarter and FiredTV Launcher, it was done in a very rudamentary manner. The two blocked apps were hardcoded into the Fire TV’s settings app, which is why it was easy to circumvent the block by changing FireStarter’s package name, which is what FireStopper’s developer did. The new app blocking mechanism introduced with this latest software update is more sophisticated.
The original app blacklist mechanism on the Fire TV and Fire TV Stick was likely just a quick temporary solution for Amazon. Hardcoding app names into the settings app to create a blacklist was certainly not the ideal way to do things. It meant Amazon had to push a settings app update, or worse a full OS update, anytime they wanted to modify the blacklist. The new “Not In My House” (NIMH) system app can be thought of as a proper way to block apps.
NIMH is a dedicated app with the sole purpose of tracking and disabling unwanted apps. Making it a standalone app actually makes it easier for rooted Fire TV owners to disable the blacklist by simply disabling the entire NIMH app, using the adb command
The new app disabling mechanism does not have any hardcoded app names to block. Instead, it appears the app downloads the list of blacklisted apps from Amazon’s servers. This would allow Amazon to more easily and quickly update the blacklist if necessary. On the positive side, because the app relies on a server connection to function, it may be possible to block the app’s ability to download its blacklist using your router or a service like OpenDNS.
In addition to having a dynamic blacklist, NIMH appears to examine not only the package name of the apps you install, but also the package properties. I can’t tell for sure, but this may allow Amazon to block apps by characteristics, instead of package name, which would make things difficult for a developer who wants to circumvent the blacklist, like FireStopper’s developer did when FireStarter was blacklisted.
Currently, it’s unclear if Amazon is actively using NIMH for anything yet. The app does get triggered every time an app is installed, but it may not be doing anything. The old app blacklist in the settings app is still present on the latest software update and seems to still be how FireStarter and FiredTV Launcher are being disabled. Additionally, FireStopper is still not being disabled in the new 126.96.36.199 update.
A more sophisticated app blocking mechanism was expected, given how easily and quickly the old system was circumvented. We’ll see, however, if Amazon decides to use it for anything in the future.
Could you please tell the domain which NIMH uses to get the list of blacklisted apps…Just wanted to know so that, I can block it right away.
I second that!!!
Again, I’m not sure if the app is even being used yet. I’ll know more if/when rbox releases pre-rooted ROMs for 188.8.131.52. A rooted system running 184.108.40.206 will allow more digging than a non-rooted system, which is all I have right now.
Even then, it’s unlikely a simple domain block will work since the domain the blacklist comes from will likely be used by other aspects of the Fire TV. It’s not likely that Amazon will use a unique domain just to serve the blacklist, but it might be possible for sophisticated routers to block the blacklist download if there are consistent patterns in the request.
Right now, I would say there is only a very tiny chance that non-rooted devices will be able to block the blacklist. But that’s better than the old blacklist, which absolutely cannot be blocked by non-rooted devices because it’s hardcoded into the device’s settings app.
I also am curious if you know of a list that describes all the packages inside FireOS? When I “PM List Packages” a lot appear. I would love to disable as many as possible but have very little clue as to what each of them do. Obviously some are named in a way that it could be easily assumed as to what it does.
Or better yet…remove them entirely before flashing the custom rom?!
Sorry, but no, I do not know of such a list, nor do I know what every app does myself. You would have to decompile every system app and examine the code to figure out what it does. This is what I do when I notice a new app has been added, like with this new nimh app, but it would be too time consuming to do it for every app.
Good Looking out! They will for sure start blacklisting apps.
does that mean they can blacklist Kodi?
Yes it does.
It has always been possible to blacklist Kodi, from day one, but the Fire TV has been out for 2 and a half years, and they haven’t done it yet, so it’s unlikely they’ll do it. The blacklist was introduced to stop apps from completely replacing the Fire TV home screen, which Kodi does not do.
Even if they do blacklist Kodi, someone will likely figure out a way around it, since Kodi is so popular. And there is always MrMC, which is officially approved by Amazon and in the appstore.
Anyone know where I can get a Settings APK that’s compatible with 220.127.116.11 please?
why do you need that? it will likely cause more issues than it will solve.
Is this legal? I’m not appreciative of Amazon installing new software that limits functionality I was using without my consent.
Yes and no.
Chances are the EULA says they can.
The usual response to this has either been to complain and hope for something or litigation which can be hit or miss.
Local laws may be helpful but a particular issue here could be that this was not the intended function (after all, the setting is listed under “Developer Options” last time I checked).
Hopefully, this new program will only be used where it’s absolutely necessary or at least restrained (i.e. not kill apps like Kodi).
That said, I’m kind of glad now I got a Shield TV.
Those EULAs should be meaningsless in countries like Germany….
….but as amazon is a US bases company and uses ttax tricks like sale via Luxembourg subsidaries, I see no chance to take legal actions if they block Kodi and others
And: the Fire TV was maybe advwrtiawd and sold here in Germany as a device for playing amazon videos and running apps from the amazon app store.
Sideloading and using apps from other sources was most likely never advertised… and thus can not be fight for in court.
I took the slightly unconventional approach: Combined with the incredible knowledge gleaned from Elias’ blog I contacted my ISP and flat out told them that I purchased (meaning ownership of)a streaming device and I did not wish ANYONE (including the manufacturer) to download any software to it without my express permission. You would be surprised had how happy the tech was to help me configure my router to block incoming traffic from any servers/websites, now I can’t say he speaks for his whole billion dollar company but he fully understood the implications. My ISP told me nothing is guaranteed but so far so good.
well im staying on 5.0.5 until amazon stop phaffing around. Its blocked and updates disabled, so far nothing has failed to work so Amazon can jog on for now. I have a RPI3 sat next to it, mirroring the kodi so i’ll worry when amazon prime and netflix break.
Can’t wait to get my money back for all of the Fire TV devices in my house once Amazon starts blocking the Apps I’ve been able to use since Day One. Class action baby!
Here’s to your $.23!
I bet you every single penny I have you will get nothing from Amazon. No self-respecting law firm would even take your case.
On top of all the terms and conditions of use of the device, Amazon even goes as far as saying:
“c. Changes to Services; Amendments. We may change, suspend, or discontinue the Services, or any part of them, at any time without notice. We may amend any of this Agreement’s terms at our sole discretion by posting the revised terms on the Amazon.com website. Your continued use of the Amazon Device after the effective date of the revised Agreement constitutes your acceptance of the terms.”
Also, Amazon states:
“No Reverse Engineering. You may not, and you will not encourage, assist or authorize any other person to copy, modify, reverse engineer, decompile or disassemble, or otherwise tamper with, the Amazon Software, whether in whole or in part, or create any derivative works from or of the Amazon Software.
Updates. In order to keep the Amazon Software up-to-date, we may offer automatic or manual updates at any time and without notice to you.”
I’m with you
@AFTNews, would there be any benefit to say creating my own app with the package name “com.amazon.tv.nimh”, then disabling it. So on the off chance my device is ever connected to a signal other than my own router and updates/installs the latest SW version it might prevent the “real” nimh from being placed onto my system?
Yes it will
EDIT: I think i’ve traced the quitting issue to Kodi being installed on an external SD card. If i eject and re-seat the card, Kodi launches. (so far so good)
My Fire TV updated to 18.104.22.168 Sunday morning and it uninstalled kodi and is preventing me from reinstalling it. I’ve tried installing kodi with adb fire, total commander, es file explorer and downloader with no success.
Did you cycle the Developer options of and back on?
I have a new Firestick running on OS22.214.171.124. It blocked kodi from downloading through ES File Explorer. I downloaded Kodi via Downloaded. I have been able to download the addons but none work. Is this new ‘nimh’ app blocking the addons??? How do I remove it?
I don’t think that would necessarily be much of a help at this point. It could be tied in with all updates, plus what’s to say this mechanism is designed to block Kodi or Firestopper? It’s all conjecture at this point. What is it’s an insurance policy against future malware attack?
Until they take an action that directly prevents us loading our software; I’m actually going to trust them. Amazon could have prevented us sideloading in the first place. The Firestick, very specifically allowed that behaviour, because they knew it was something, we as purchasers, rate very highly as a feature. Some of their previous/other devices were much harder to circumvent.
I think their head is screwed on for this. They are playing the long game. As long as their own content sales and streaming are not being directly blocked by the hobbyists (or the number doing so is small); they don’t really have high motivations to mess us about, because let’s be frank here. There stick is not the only Android TV player. If their sales drop, not only are they missing sales of the stick itself, but they are also losing potential access to that customer of their services. It works against the Amazon strategy.
Just my two penny/cent worth.