The law ought to require that every system that allows this type of purchase, also enable the device owner to password-protect against ANY purchase. The problem is not just Amazon; it's Android, iOS, and probably all their competitors and most of the apps on them. I've also experienced it with Dish Network. A system set up in the hope of causing accidental purchases is a case of open-and-shut fraud.
If Silicon Valley were to make a magic backdoor that only opened for the good guys with pure intentions, the government wouldn't be able to access it anyway, so I'm not sure why they're pushing for it.
Why does this make "Sleeping Beauty does Anal" pop into my head?
As far as I'm concerned the standard should be what they could have seen in 1800. In other words, any capabilities from tech newer than the Bill of Rights should be denied to police by default unless they get a warrant. (And banned to private snoops as well.)
The way the law is written today, possession is a felony, period. Intent is not required. If some hacker in Russia thinks it's funny to write a virus that loads child porn on your computer and then calls the cops on you, you're a felon.
If the appeals courts had any humanity at all, they'd change that and require proof of intent for any felony conviction. (And put some teeth in the 8th Amendment, so prosecutors couldn't just force you to confess by threatening you with life-without-parole if you go to trial.) But so far, the Supreme Court continues to have a majority of monsters on it.