Motorola Smart Feed Amazon affiliate hijacking: Difference between revisions
new article on motorola smart feed quietly injecting amazon affiliate codes via the moto app launcher, with the device native partnership, the kira-abboud.com intermediary, the unintended statement, and the honey/superfish backdrop |
Archives |
||
| Line 6: | Line 6: | ||
}} | }} | ||
'''Motorola Smart Feed Amazon affiliate hijacking''' was a May 2026 incident in which a preinstalled system app on several Motorola smartphones, Smart Feed version 2.03.0070, silently intercepted user attempts to open the Amazon Shopping app from the device's app drawer & rerouted the launch through Google Chrome to an ad-tech intermediary (devicenative.com) that appended the Amazon Associates affiliate tag <code>sramz-kff-008-20</code> before delivering the user to Amazon.<ref name="9to5g-may25">{{Cite web |last=Schoon |first=Ben |title=Motorola phones have started hijacking the Amazon app to insert affiliate codes |url=https://9to5google.com/2026/05/25/motorola-amazon-app-hijacking-behavior/ | | '''Motorola Smart Feed Amazon affiliate hijacking''' was a May 2026 incident in which a preinstalled system app on several Motorola smartphones, Smart Feed version 2.03.0070, silently intercepted user attempts to open the Amazon Shopping app from the device's app drawer & rerouted the launch through Google Chrome to an ad-tech intermediary (devicenative.com) that appended the Amazon Associates affiliate tag <code>sramz-kff-008-20</code> before delivering the user to Amazon.<ref name="9to5g-may25">{{Cite web |last=Schoon |first=Ben |date=2026-05-25 |title=Motorola phones have started hijacking the Amazon app to insert affiliate codes |url=https://9to5google.com/2026/05/25/motorola-amazon-app-hijacking-behavior/ |url-status=live |archive-url=https://web.archive.org/web/20260527081338/https://9to5google.com/2026/05/25/motorola-amazon-app-hijacking-behavior/ |archive-date=27 May 2026 |access-date=2026-05-27 |publisher=9to5Google}}</ref><ref name="ac-may27">{{Cite web |last=Diaz |first=Nickolas |date=2026-05-27 |title=Motorola was accused of slipping an affiliate link to users' Amazon purchases when using the app, discovered on its recent 2026 foldables |url=https://www.androidcentral.com/phones/motorola/motorola-affiliate-codes-your-amazon-orders-states-this-was-unintended |url-status=live |archive-url=https://web.archive.org/web/20260528044937/https://www.androidcentral.com/phones/motorola/motorola-affiliate-codes-your-amazon-orders-states-this-was-unintended |archive-date=28 May 2026 |access-date=2026-05-27 |publisher=Android Central}}</ref> TechRadar wrote that Motorola was, in effect, quietly collecting an affiliate fee on every Amazon purchase its users made from the app drawer.<ref name="techradar">{{Cite web |date=2026-05-26 |title=Is this the Honey scandal all over again? Motorola phones caught adding affiliate codes to Amazon orders |url=https://www.techradar.com/phones/motorola-phones/is-this-the-honey-scandal-all-over-again-motorola-phones-caught-adding-affiliate-codes-to-amazon-orders |url-status=live |archive-url=https://web.archive.org/web/20260528151038/https://www.techradar.com/phones/motorola-phones/is-this-the-honey-scandal-all-over-again-motorola-phones-caught-adding-affiliate-codes-to-amazon-orders |archive-date=28 May 2026 |access-date=2026-05-28 |publisher=TechRadar}}</ref> Motorola, a [[Lenovo]] subsidiary, called the behavior ''"unintended"'' on May 27, 2026 & deployed a server-side routing-configuration fix the same day.<ref name="9to5g-may27">{{Cite web |date=2026-05-27 |title=Motorola says Amazon app affiliate behavior was "unintended," routing config fixed |url=https://9to5google.com/2026/05/27/motorola-amazon-app-unintended/ |url-status=live |archive-url=https://web.archive.org/web/20260528100732/https://9to5google.com/2026/05/27/motorola-amazon-app-unintended/ |archive-date=28 May 2026 |access-date=2026-05-27 |publisher=9to5Google}}</ref> | ||
== Background == | ==Background== | ||
Smart Feed is a hidden, preinstalled system component on Motorola Android devices that powers the ''"app search and suggestion experience"'' inside the Moto App Launcher.<ref name="9to5g-may27" /><ref name="ac-may27" /> The component is built into Motorola's launcher and is capable of intercepting the click action that fires when a user taps an icon in the app drawer.<ref name="9to5g-may25" /> | Smart Feed is a hidden, preinstalled system component on Motorola Android devices that powers the ''"app search and suggestion experience"'' inside the Moto App Launcher.<ref name="9to5g-may27" /><ref name="ac-may27" /> The component is built into Motorola's launcher and is capable of intercepting the click action that fires when a user taps an icon in the app drawer.<ref name="9to5g-may25" /> | ||
Device Native, an ad-tech firm that markets itself as a provider of ''"personalized, on-device mobile ads,"'' built the integration jointly with Motorola & published a developer guide for the Moto App Launcher before the incident became public.<ref name="ap">{{Cite web |last=Pandey |first=Rajesh |title=Your Motorola phone might be secretly monetizing your Amazon clicks |url=https://www.androidpolice.com/motorola-phone-might-secretly-monetizing-your-amazon-clicks/ | | Device Native, an ad-tech firm that markets itself as a provider of ''"personalized, on-device mobile ads,"'' built the integration jointly with Motorola & published a developer guide for the Moto App Launcher before the incident became public.<ref name="ap">{{Cite web |last=Pandey |first=Rajesh |date=2026-05-26 |title=Your Motorola phone might be secretly monetizing your Amazon clicks |url=https://www.androidpolice.com/motorola-phone-might-secretly-monetizing-your-amazon-clicks/ |url-status=live |archive-url=https://web.archive.org/web/20260527100223/https://www.androidpolice.com/motorola-phone-might-secretly-monetizing-your-amazon-clicks/ |archive-date=27 May 2026 |access-date=2026-05-28 |publisher=Android Police}}</ref><ref name="msyrup">{{Cite web |date=2026-05-27 |title=Motorola confirms its phones were 'hijacking' the Amazon app |url=https://mobilesyrup.com/2026/05/27/motorola-confirms-its-phones-were-hijacking-the-amazon-app/ |url-status=live |archive-url=https://ghostarchive.org/archive/6egio |archive-date=29 May 2026 |access-date=2026-05-28 |publisher=MobileSyrup}}</ref> | ||
Lenovo, Motorola's parent, has a prior Federal Trade Commission settlement over preinstalled-software misconduct (see [[#Lenovo's prior Superfish settlement|below]]). | Lenovo, Motorola's parent, has a prior Federal Trade Commission settlement over preinstalled-software misconduct (see [[#Lenovo's prior Superfish settlement|below]]). | ||
== The interception == | ==The interception== | ||
Smart Feed v2.03.0070 was the only build to exhibit the redirect. Devices on the prior build, v2.03.0056, did not exhibit it, & the redirect only fired when the user launched Amazon from the app drawer; opening Amazon from a home-screen shortcut, the recent-apps menu, or a widget bypassed the interception entirely.<ref name="9to5g-may25" /><ref name="newsx">{{Cite web |last=Ziyauddin |first=Syed |title=Motorola Smart Feed Controversy: Users Claim Amazon App Launches Were Hijacked With Hidden Affiliate Links |url=https://www.newsx.com/tech-and-auto/motorola-smart-feed-controversy-users-claim-amazon-app-launches-were-hijacked-with-hidden-affiliate-links-226594/ | | Smart Feed v2.03.0070 was the only build to exhibit the redirect. Devices on the prior build, v2.03.0056, did not exhibit it, & the redirect only fired when the user launched Amazon from the app drawer; opening Amazon from a home-screen shortcut, the recent-apps menu, or a widget bypassed the interception entirely.<ref name="9to5g-may25" /><ref name="newsx">{{Cite web |last=Ziyauddin |first=Syed |date=2026-05-27 |title=Motorola Smart Feed Controversy: Users Claim Amazon App Launches Were Hijacked With Hidden Affiliate Links |url=https://www.newsx.com/tech-and-auto/motorola-smart-feed-controversy-users-claim-amazon-app-launches-were-hijacked-with-hidden-affiliate-links-226594/ |url-status=live |archive-url=https://web.archive.org/web/20260528064914/https://www.newsx.com/tech-and-auto/motorola-smart-feed-controversy-users-claim-amazon-app-launches-were-hijacked-with-hidden-affiliate-links-226594/ |archive-date=28 May 2026 |access-date=2026-05-28 |publisher=NewsX}}</ref> | ||
An Android Debug Bridge (ADB) network log captured by a user who reported it on May 25, 2026 first surfaced the behavior publicly, showing Smart Feed firing a click action against the Amazon Shopping app & a background HTTP request to devicenative.com to fetch the targeting & affiliate parameters. 9to5Google reproduced the behavior on a Motorola Razr Fold the same day, publishing a video that captured a brief Chrome window flashing on the screen before Amazon opened, & described the user-visible flow as a ''"blink and you missed it"'' moment.<ref name="9to5g-may25" /> | An Android Debug Bridge (ADB) network log captured by a user who reported it on May 25, 2026 first surfaced the behavior publicly, showing Smart Feed firing a click action against the Amazon Shopping app & a background HTTP request to devicenative.com to fetch the targeting & affiliate parameters. 9to5Google reproduced the behavior on a Motorola Razr Fold the same day, publishing a video that captured a brief Chrome window flashing on the screen before Amazon opened, & described the user-visible flow as a ''"blink and you missed it"'' moment.<ref name="9to5g-may25" /> | ||
| Line 24: | Line 24: | ||
Tapping the Amazon Shopping icon in the Moto App Launcher's app drawer triggered the following sequence: Smart Feed intercepted the launch intent; Chrome briefly opened in the foreground; Chrome issued a request to devicenative.com, which redirected through a second domain, <code>kira-abboud.com</code>; that domain in turn issued a redirect to amazon.com carrying the affiliate tag <code>sramz-kff-008-20</code>; finally the Amazon Shopping app opened with the affiliate cookie attached to the session.<ref name="9to5g-may25" /><ref name="newsx" /> | Tapping the Amazon Shopping icon in the Moto App Launcher's app drawer triggered the following sequence: Smart Feed intercepted the launch intent; Chrome briefly opened in the foreground; Chrome issued a request to devicenative.com, which redirected through a second domain, <code>kira-abboud.com</code>; that domain in turn issued a redirect to amazon.com carrying the affiliate tag <code>sramz-kff-008-20</code>; finally the Amazon Shopping app opened with the affiliate cookie attached to the session.<ref name="9to5g-may25" /><ref name="newsx" /> | ||
Independent reproduction by tech press confirmed the behavior on the Motorola Razr Fold & the Motorola Razr 60 Ultra.<ref name="9to5g-may25" /><ref name="ap" /> Notebookcheck reported that the Motorola Edge 70 ships with the same preinstalled Smart Feed app.<ref name="nbc">{{Cite web |last=Brecher |first=Hannes |title=Motorola smartphones hijack shopping apps to make money from sales |url=https://www.notebookcheck.net/Motorola-smartphones-hijack-shopping-apps-to-make-money-from-sales.1306845.0.html | | Independent reproduction by tech press confirmed the behavior on the Motorola Razr Fold & the Motorola Razr 60 Ultra.<ref name="9to5g-may25" /><ref name="ap" /> Notebookcheck reported that the Motorola Edge 70 ships with the same preinstalled Smart Feed app.<ref name="nbc">{{Cite web |last=Brecher |first=Hannes |date=2026-05-26 |title=Motorola smartphones hijack shopping apps to make money from sales |url=https://www.notebookcheck.net/Motorola-smartphones-hijack-shopping-apps-to-make-money-from-sales.1306845.0.html |url-status=live |archive-url=https://web.archive.org/web/20260527165309/https://www.notebookcheck.net/Motorola-smartphones-hijack-shopping-apps-to-make-money-from-sales.1306845.0.html |archive-date=27 May 2026 |access-date=2026-05-28 |publisher=Notebookcheck}}</ref> 9to5Google tested a Motorola Razr (2026) & a Moto G Stylus (2026) running the same Smart Feed build & could not reproduce the redirect on either, indicating the targeting configuration on Device Native's server was scoped to a subset of US devices rather than to every install of v2.03.0070.<ref name="9to5g-may25" /> Motorola later stated that the issue was limited to users in the United States.<ref name="9to5g-may27" /> | ||
== The intermediary domain and the affiliate tag == | ==The intermediary domain and the affiliate tag== | ||
The second hop in the redirect chain, <code>kira-abboud.com</code>, presents the branding of fashion influencer Kira Abboud, who publishes on social media under the handle @kirasfashionfinds.<ref name="9to5g-may25" /><ref name="ap" /> Journalists who compared the injected tag against the affiliate codes Abboud publishes on her own channels found that <code>sramz-kff-008-20</code> did not match any of her published tags, & no reporting surfaced any evidence of a direct relationship between Abboud & Motorola or Device Native.<ref name="9to5g-may25" /><ref name="droidlife">{{Cite web |title=Motorola phones are hijacking links to make affiliate cash |url=https://www.droid-life.com/2026/05/26/motorola-phones-are-hijacking-links-to-make-affiliate-cash/ | | The second hop in the redirect chain, <code>kira-abboud.com</code>, presents the branding of fashion influencer Kira Abboud, who publishes on social media under the handle @kirasfashionfinds.<ref name="9to5g-may25" /><ref name="ap" /> Journalists who compared the injected tag against the affiliate codes Abboud publishes on her own channels found that <code>sramz-kff-008-20</code> did not match any of her published tags, & no reporting surfaced any evidence of a direct relationship between Abboud & Motorola or Device Native.<ref name="9to5g-may25" /><ref name="droidlife">{{Cite web |date=2026-05-26 |title=Motorola phones are hijacking links to make affiliate cash |url=https://www.droid-life.com/2026/05/26/motorola-phones-are-hijacking-links-to-make-affiliate-cash/ |url-status=live |archive-url=https://web.archive.org/web/20260528181729/https://www.droid-life.com/2026/05/26/motorola-phones-are-hijacking-links-to-make-affiliate-cash/ |archive-date=28 May 2026 |access-date=2026-05-27 |publisher=Droid Life}}</ref> Reporters at Droid Life & Android Police described the most plausible reading as the influencer's brand being used as a shell by an intermediary in the ad network, with the ultimate recipient of the Amazon Associates payouts unknown to the public.<ref name="droidlife" /><ref name="ap" /> | ||
The entity collecting the commissions tied to <code>sramz-kff-008-20</code> has not been publicly identified in any reporting on the incident.<ref name="droidlife" /><ref name="ap" /> | The entity collecting the commissions tied to <code>sramz-kff-008-20</code> has not been publicly identified in any reporting on the incident.<ref name="droidlife" /><ref name="ap" /> | ||
== Revenue impact == | ==Revenue impact== | ||
Because Smart Feed injected its tag every time a user opened the Amazon app from the drawer, any subsequent purchase the user made on Amazon credited the injected tag rather than the user's own browsing path. TechRadar summarized the effect as Motorola ''"quietly"'' collecting an affiliate fee on purchases it had no involvement in.<ref name="techradar" /> Notebookcheck observed that the practice does not raise the prices consumers pay; instead, the manufacturer extracts a sales commission from Amazon's affiliate program without disclosure.<ref name="nbc" /> | Because Smart Feed injected its tag every time a user opened the Amazon app from the drawer, any subsequent purchase the user made on Amazon credited the injected tag rather than the user's own browsing path. TechRadar summarized the effect as Motorola ''"quietly"'' collecting an affiliate fee on purchases it had no involvement in.<ref name="techradar" /> Notebookcheck observed that the practice does not raise the prices consumers pay; instead, the manufacturer extracts a sales commission from Amazon's affiliate program without disclosure.<ref name="nbc" /> | ||
TechRadar & Mashable both drew the parallel to the [[Honey (PayPal) browser extension affiliate hijacking|Honey]] class action against PayPal, in which a browser extension was accused of swapping creators' affiliate codes for its own at checkout.<ref name="techradar" /><ref name="mashable">{{Cite web |last=Binder |first=Matt |title=Motorola phones are reportedly injecting affiliate codes into the Amazon app |url=https://tech.yahoo.com/phones/articles/motorola-phones-reportedly-injecting-affiliate-173417588.html | | TechRadar & Mashable both drew the parallel to the [[Honey (PayPal) browser extension affiliate hijacking|Honey]] class action against PayPal, in which a browser extension was accused of swapping creators' affiliate codes for its own at checkout.<ref name="techradar" /><ref name="mashable">{{Cite web |last=Binder |first=Matt |date=2026-05-26 |title=Motorola phones are reportedly injecting affiliate codes into the Amazon app |url=https://tech.yahoo.com/phones/articles/motorola-phones-reportedly-injecting-affiliate-173417588.html |url-status=live |archive-url=https://ghostarchive.org/archive/SfEOC |archive-date=29 May 2026 |access-date=2026-05-28 |publisher=Mashable |via=Yahoo Tech}}</ref> | ||
== Motorola's response == | ==Motorola's response== | ||
Device Native made no public statement during or after the incident. The company removed its Moto App Launcher integration guide & subsequently took down the rest of its public-facing developer documentation site.<ref name="msyrup" /><ref name="9to5g-may25" /> | Device Native made no public statement during or after the incident. The company removed its Moto App Launcher integration guide & subsequently took down the rest of its public-facing developer documentation site.<ref name="msyrup" /><ref name="9to5g-may25" /> | ||
| Line 48: | Line 48: | ||
The fix was deployed server-side as a routing-configuration change, ending the redirects on affected devices without requiring users to install an updated version of Smart Feed.<ref name="9to5g-may27" /><ref name="msyrup" /> | The fix was deployed server-side as a routing-configuration change, ending the redirects on affected devices without requiring users to install an updated version of Smart Feed.<ref name="9to5g-may27" /><ref name="msyrup" /> | ||
== Legal context == | ==Legal context== | ||
=== Honey class action === | ===Honey class action=== | ||
The pending litigation TechRadar & Mashable pointed to is ''Wendover Productions, LLC et al. v. PayPal Inc.'', filed in California federal court & consolidated with more than two dozen similar actions into ''In re PayPal Honey Browser Extension Litigation''.<ref name="orrick">{{Cite web |title=PayPal Secures Another Victory in Consolidated Honey Browser Extension Cases |url=https://www.orrick.com/en/News/2025/12/PayPal-Secures-Another-Victory-in-Consolidated-Honey-Browser-Extension-Cases | | The pending litigation TechRadar & Mashable pointed to is ''Wendover Productions, LLC et al. v. PayPal Inc.'', filed in California federal court & consolidated with more than two dozen similar actions into ''In re PayPal Honey Browser Extension Litigation''.<ref name="orrick">{{Cite web |date=2025-12-03 |title=PayPal Secures Another Victory in Consolidated Honey Browser Extension Cases |url=https://www.orrick.com/en/News/2025/12/PayPal-Secures-Another-Victory-in-Consolidated-Honey-Browser-Extension-Cases |url-status=live |archive-url=https://web.archive.org/web/20260324191516/https://www.orrick.com/en/news/2025/12/paypal-secures-another-victory-in-consolidated-honey-browser-extension-cases |archive-date=24 March 2026 |access-date=2026-05-28 |publisher=Orrick, Herrington & Sutcliffe LLP}}</ref><ref name="cohen-milstein">{{Cite web |title=In Re PayPal Honey Browser Extension Litigation |url=https://www.cohenmilstein.com/case-study/in-re-paypal-honey-browser-extension-litigation/ |url-status=live |archive-url=https://web.archive.org/web/20260314142115/https://www.cohenmilstein.com/case-study/in-re-paypal-honey-browser-extension-litigation/ |archive-date=14 March 2026 |access-date=2026-05-28 |publisher=Cohen Milstein Sellers & Toll PLLC}}</ref> The plaintiffs, content creators including bloggers & social-media producers, allege that PayPal's Honey browser extension diverted their affiliate commissions by manipulating tracking cookies at checkout.<ref name="cohen-milstein" /> On November 21, 2025, the court dismissed the consolidated complaint without prejudice, ruling that the plaintiffs had not adequately pleaded a cognizable injury traceable to PayPal; the court granted leave to amend & the case remains active.<ref name="orrick" /> | ||
=== Lenovo's prior Superfish settlement === | ===Lenovo's prior Superfish settlement=== | ||
The Motorola incident is the second advertising-injection matter involving Lenovo-branded consumer hardware. Beginning in August 2014, Lenovo shipped consumer laptops with VisualDiscovery, advertising software developed by Superfish, Inc. that acted as a man-in-the-middle on encrypted web traffic to inject pop-up ads. In September 2017, Lenovo settled charges brought by the Federal Trade Commission & 32 state attorneys general over the practice; the FTC settlement prohibited Lenovo from misrepresenting features of preloaded ad-injecting or data-transmitting software, required Lenovo to obtain consumers' affirmative consent before pre-installing software of that kind, & required Lenovo to implement a software security program for most preloaded software for 20 years.<ref name="ftc-superfish">{{Cite web |title=Lenovo Settles FTC Charges it Harmed Consumers With Preinstalled Software on its Laptops that Compromised Online Security |url=https://www.ftc.gov/news-events/news/press-releases/2017/09/lenovo-settles-ftc-charges-it-harmed-consumers-preinstalled-software-its-laptops-compromised-online | | The Motorola incident is the second advertising-injection matter involving Lenovo-branded consumer hardware. Beginning in August 2014, Lenovo shipped consumer laptops with VisualDiscovery, advertising software developed by Superfish, Inc. that acted as a man-in-the-middle on encrypted web traffic to inject pop-up ads. In September 2017, Lenovo settled charges brought by the Federal Trade Commission & 32 state attorneys general over the practice; the FTC settlement prohibited Lenovo from misrepresenting features of preloaded ad-injecting or data-transmitting software, required Lenovo to obtain consumers' affirmative consent before pre-installing software of that kind, & required Lenovo to implement a software security program for most preloaded software for 20 years.<ref name="ftc-superfish">{{Cite web |date=2017-09-05 |title=Lenovo Settles FTC Charges it Harmed Consumers With Preinstalled Software on its Laptops that Compromised Online Security |url=https://www.ftc.gov/news-events/news/press-releases/2017/09/lenovo-settles-ftc-charges-it-harmed-consumers-preinstalled-software-its-laptops-compromised-online |url-status=live |archive-url=https://web.archive.org/web/20260419085802/https://www.ftc.gov/news-events/news/press-releases/2017/09/lenovo-settles-ftc-charges-it-harmed-consumers-preinstalled-software-its-laptops-compromised-online |archive-date=19 April 2026 |access-date=2026-05-28 |publisher=Federal Trade Commission}}</ref> | ||
== See also == | ==See also== | ||
* [[Lenovo]] | *[[Lenovo]] | ||
* [[Motorola]] | *[[Motorola]] | ||
* [[Honey (PayPal) browser extension affiliate hijacking]] | *[[Honey (PayPal) browser extension affiliate hijacking]] | ||
* [[Superfish]] | *[[Superfish]] | ||
== References == | ==References== | ||
{{reflist}} | {{reflist}} | ||
Latest revision as of 15:11, 29 May 2026
Motorola Smart Feed Amazon affiliate hijacking was a May 2026 incident in which a preinstalled system app on several Motorola smartphones, Smart Feed version 2.03.0070, silently intercepted user attempts to open the Amazon Shopping app from the device's app drawer & rerouted the launch through Google Chrome to an ad-tech intermediary (devicenative.com) that appended the Amazon Associates affiliate tag sramz-kff-008-20 before delivering the user to Amazon.[1][2] TechRadar wrote that Motorola was, in effect, quietly collecting an affiliate fee on every Amazon purchase its users made from the app drawer.[3] Motorola, a Lenovo subsidiary, called the behavior "unintended" on May 27, 2026 & deployed a server-side routing-configuration fix the same day.[4]
Background
[edit | edit source]Smart Feed is a hidden, preinstalled system component on Motorola Android devices that powers the "app search and suggestion experience" inside the Moto App Launcher.[4][2] The component is built into Motorola's launcher and is capable of intercepting the click action that fires when a user taps an icon in the app drawer.[1]
Device Native, an ad-tech firm that markets itself as a provider of "personalized, on-device mobile ads," built the integration jointly with Motorola & published a developer guide for the Moto App Launcher before the incident became public.[5][6]
Lenovo, Motorola's parent, has a prior Federal Trade Commission settlement over preinstalled-software misconduct (see below).
The interception
[edit | edit source]Smart Feed v2.03.0070 was the only build to exhibit the redirect. Devices on the prior build, v2.03.0056, did not exhibit it, & the redirect only fired when the user launched Amazon from the app drawer; opening Amazon from a home-screen shortcut, the recent-apps menu, or a widget bypassed the interception entirely.[1][7]
An Android Debug Bridge (ADB) network log captured by a user who reported it on May 25, 2026 first surfaced the behavior publicly, showing Smart Feed firing a click action against the Amazon Shopping app & a background HTTP request to devicenative.com to fetch the targeting & affiliate parameters. 9to5Google reproduced the behavior on a Motorola Razr Fold the same day, publishing a video that captured a brief Chrome window flashing on the screen before Amazon opened, & described the user-visible flow as a "blink and you missed it" moment.[1]
Tapping the Amazon Shopping icon in the Moto App Launcher's app drawer triggered the following sequence: Smart Feed intercepted the launch intent; Chrome briefly opened in the foreground; Chrome issued a request to devicenative.com, which redirected through a second domain, kira-abboud.com; that domain in turn issued a redirect to amazon.com carrying the affiliate tag sramz-kff-008-20; finally the Amazon Shopping app opened with the affiliate cookie attached to the session.[1][7]
Independent reproduction by tech press confirmed the behavior on the Motorola Razr Fold & the Motorola Razr 60 Ultra.[1][5] Notebookcheck reported that the Motorola Edge 70 ships with the same preinstalled Smart Feed app.[8] 9to5Google tested a Motorola Razr (2026) & a Moto G Stylus (2026) running the same Smart Feed build & could not reproduce the redirect on either, indicating the targeting configuration on Device Native's server was scoped to a subset of US devices rather than to every install of v2.03.0070.[1] Motorola later stated that the issue was limited to users in the United States.[4]
The intermediary domain and the affiliate tag
[edit | edit source]The second hop in the redirect chain, kira-abboud.com, presents the branding of fashion influencer Kira Abboud, who publishes on social media under the handle @kirasfashionfinds.[1][5] Journalists who compared the injected tag against the affiliate codes Abboud publishes on her own channels found that sramz-kff-008-20 did not match any of her published tags, & no reporting surfaced any evidence of a direct relationship between Abboud & Motorola or Device Native.[1][9] Reporters at Droid Life & Android Police described the most plausible reading as the influencer's brand being used as a shell by an intermediary in the ad network, with the ultimate recipient of the Amazon Associates payouts unknown to the public.[9][5]
The entity collecting the commissions tied to sramz-kff-008-20 has not been publicly identified in any reporting on the incident.[9][5]
Revenue impact
[edit | edit source]Because Smart Feed injected its tag every time a user opened the Amazon app from the drawer, any subsequent purchase the user made on Amazon credited the injected tag rather than the user's own browsing path. TechRadar summarized the effect as Motorola "quietly" collecting an affiliate fee on purchases it had no involvement in.[3] Notebookcheck observed that the practice does not raise the prices consumers pay; instead, the manufacturer extracts a sales commission from Amazon's affiliate program without disclosure.[8]
TechRadar & Mashable both drew the parallel to the Honey class action against PayPal, in which a browser extension was accused of swapping creators' affiliate codes for its own at checkout.[3][10]
Motorola's response
[edit | edit source]Device Native made no public statement during or after the incident. The company removed its Moto App Launcher integration guide & subsequently took down the rest of its public-facing developer documentation site.[6][1]
Motorola issued a statement to multiple press outlets on May 27, 2026. A Motorola spokesperson told 9to5Google, Android Central, & other outlets:
Motorola and Device Native jointly developed an app search and suggestion experience for the Moto App Launcher, designed to help users quickly find and launch apps they already have installed on their devices. Recently, Motorola acted quickly to resolve an issue that was identified, which caused some users in the U.S. launching the Amazon Shopping app to be routed through a web tracking link before opening the app. This behavior was unintended and resulted in an inconsistent user experience. Upon identifying the issue, we promptly corrected the routing configuration. Users can now expect all installed apps to launch directly as intended. Motorola takes user experience, privacy, and platform integrity seriously and will continue to closely monitor the system to ensure expected behavior across devices. We are committed to responsible disclosure, and to transparent, collaborative engagement with researchers to identify and address potential issues swiftly.
The fix was deployed server-side as a routing-configuration change, ending the redirects on affected devices without requiring users to install an updated version of Smart Feed.[4][6]
Legal context
[edit | edit source]Honey class action
[edit | edit source]The pending litigation TechRadar & Mashable pointed to is Wendover Productions, LLC et al. v. PayPal Inc., filed in California federal court & consolidated with more than two dozen similar actions into In re PayPal Honey Browser Extension Litigation.[11][12] The plaintiffs, content creators including bloggers & social-media producers, allege that PayPal's Honey browser extension diverted their affiliate commissions by manipulating tracking cookies at checkout.[12] On November 21, 2025, the court dismissed the consolidated complaint without prejudice, ruling that the plaintiffs had not adequately pleaded a cognizable injury traceable to PayPal; the court granted leave to amend & the case remains active.[11]
Lenovo's prior Superfish settlement
[edit | edit source]The Motorola incident is the second advertising-injection matter involving Lenovo-branded consumer hardware. Beginning in August 2014, Lenovo shipped consumer laptops with VisualDiscovery, advertising software developed by Superfish, Inc. that acted as a man-in-the-middle on encrypted web traffic to inject pop-up ads. In September 2017, Lenovo settled charges brought by the Federal Trade Commission & 32 state attorneys general over the practice; the FTC settlement prohibited Lenovo from misrepresenting features of preloaded ad-injecting or data-transmitting software, required Lenovo to obtain consumers' affirmative consent before pre-installing software of that kind, & required Lenovo to implement a software security program for most preloaded software for 20 years.[13]
See also
[edit | edit source]References
[edit | edit source]- ↑ 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 Schoon, Ben (2026-05-25). "Motorola phones have started hijacking the Amazon app to insert affiliate codes". 9to5Google. Archived from the original on 27 May 2026. Retrieved 2026-05-27.
- ↑ 2.0 2.1 2.2 Diaz, Nickolas (2026-05-27). "Motorola was accused of slipping an affiliate link to users' Amazon purchases when using the app, discovered on its recent 2026 foldables". Android Central. Archived from the original on 28 May 2026. Retrieved 2026-05-27.
- ↑ 3.0 3.1 3.2 "Is this the Honey scandal all over again? Motorola phones caught adding affiliate codes to Amazon orders". TechRadar. 2026-05-26. Archived from the original on 28 May 2026. Retrieved 2026-05-28.
- ↑ 4.0 4.1 4.2 4.3 4.4 "Motorola says Amazon app affiliate behavior was "unintended," routing config fixed". 9to5Google. 2026-05-27. Archived from the original on 28 May 2026. Retrieved 2026-05-27.
- ↑ 5.0 5.1 5.2 5.3 5.4 Pandey, Rajesh (2026-05-26). "Your Motorola phone might be secretly monetizing your Amazon clicks". Android Police. Archived from the original on 27 May 2026. Retrieved 2026-05-28.
- ↑ 6.0 6.1 6.2 "Motorola confirms its phones were 'hijacking' the Amazon app". MobileSyrup. 2026-05-27. Archived from the original on 29 May 2026. Retrieved 2026-05-28.
- ↑ 7.0 7.1 Ziyauddin, Syed (2026-05-27). "Motorola Smart Feed Controversy: Users Claim Amazon App Launches Were Hijacked With Hidden Affiliate Links". NewsX. Archived from the original on 28 May 2026. Retrieved 2026-05-28.
- ↑ 8.0 8.1 Brecher, Hannes (2026-05-26). "Motorola smartphones hijack shopping apps to make money from sales". Notebookcheck. Archived from the original on 27 May 2026. Retrieved 2026-05-28.
- ↑ 9.0 9.1 9.2 "Motorola phones are hijacking links to make affiliate cash". Droid Life. 2026-05-26. Archived from the original on 28 May 2026. Retrieved 2026-05-27.
- ↑ Binder, Matt (2026-05-26). "Motorola phones are reportedly injecting affiliate codes into the Amazon app". Mashable. Archived from the original on 29 May 2026. Retrieved 2026-05-28 – via Yahoo Tech.
- ↑ 11.0 11.1 "PayPal Secures Another Victory in Consolidated Honey Browser Extension Cases". Orrick, Herrington & Sutcliffe LLP. 2025-12-03. Archived from the original on 24 March 2026. Retrieved 2026-05-28.
- ↑ 12.0 12.1 "In Re PayPal Honey Browser Extension Litigation". Cohen Milstein Sellers & Toll PLLC. Archived from the original on 14 March 2026. Retrieved 2026-05-28.
- ↑ "Lenovo Settles FTC Charges it Harmed Consumers With Preinstalled Software on its Laptops that Compromised Online Security". Federal Trade Commission. 2017-09-05. Archived from the original on 19 April 2026. Retrieved 2026-05-28.