Consumer Rights Wiki

Motorola Smart Feed Amazon affiliate hijacking

Revision as of 15:11, 29 May 2026 by Neige (talk | contribs) (Archives)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Motorola Smart Feed Amazon affiliate hijacking was a May 2026 incident in which a preinstalled system app on several Motorola smartphones, Smart Feed version 2.03.0070, silently intercepted user attempts to open the Amazon Shopping app from the device's app drawer & rerouted the launch through Google Chrome to an ad-tech intermediary (devicenative.com) that appended the Amazon Associates affiliate tag sramz-kff-008-20 before delivering the user to Amazon.[1][2] TechRadar wrote that Motorola was, in effect, quietly collecting an affiliate fee on every Amazon purchase its users made from the app drawer.[3] Motorola, a Lenovo subsidiary, called the behavior "unintended" on May 27, 2026 & deployed a server-side routing-configuration fix the same day.[4]

Background

Smart Feed is a hidden, preinstalled system component on Motorola Android devices that powers the "app search and suggestion experience" inside the Moto App Launcher.[4][2] The component is built into Motorola's launcher and is capable of intercepting the click action that fires when a user taps an icon in the app drawer.[1]

Device Native, an ad-tech firm that markets itself as a provider of "personalized, on-device mobile ads," built the integration jointly with Motorola & published a developer guide for the Moto App Launcher before the incident became public.[5][6]

Lenovo, Motorola's parent, has a prior Federal Trade Commission settlement over preinstalled-software misconduct (see below).

The interception

Smart Feed v2.03.0070 was the only build to exhibit the redirect. Devices on the prior build, v2.03.0056, did not exhibit it, & the redirect only fired when the user launched Amazon from the app drawer; opening Amazon from a home-screen shortcut, the recent-apps menu, or a widget bypassed the interception entirely.[1][7]

An Android Debug Bridge (ADB) network log captured by a user who reported it on May 25, 2026 first surfaced the behavior publicly, showing Smart Feed firing a click action against the Amazon Shopping app & a background HTTP request to devicenative.com to fetch the targeting & affiliate parameters. 9to5Google reproduced the behavior on a Motorola Razr Fold the same day, publishing a video that captured a brief Chrome window flashing on the screen before Amazon opened, & described the user-visible flow as a "blink and you missed it" moment.[1]

Tapping the Amazon Shopping icon in the Moto App Launcher's app drawer triggered the following sequence: Smart Feed intercepted the launch intent; Chrome briefly opened in the foreground; Chrome issued a request to devicenative.com, which redirected through a second domain, kira-abboud.com; that domain in turn issued a redirect to amazon.com carrying the affiliate tag sramz-kff-008-20; finally the Amazon Shopping app opened with the affiliate cookie attached to the session.[1][7]

Independent reproduction by tech press confirmed the behavior on the Motorola Razr Fold & the Motorola Razr 60 Ultra.[1][5] Notebookcheck reported that the Motorola Edge 70 ships with the same preinstalled Smart Feed app.[8] 9to5Google tested a Motorola Razr (2026) & a Moto G Stylus (2026) running the same Smart Feed build & could not reproduce the redirect on either, indicating the targeting configuration on Device Native's server was scoped to a subset of US devices rather than to every install of v2.03.0070.[1] Motorola later stated that the issue was limited to users in the United States.[4]

The intermediary domain and the affiliate tag

The second hop in the redirect chain, kira-abboud.com, presents the branding of fashion influencer Kira Abboud, who publishes on social media under the handle @kirasfashionfinds.[1][5] Journalists who compared the injected tag against the affiliate codes Abboud publishes on her own channels found that sramz-kff-008-20 did not match any of her published tags, & no reporting surfaced any evidence of a direct relationship between Abboud & Motorola or Device Native.[1][9] Reporters at Droid Life & Android Police described the most plausible reading as the influencer's brand being used as a shell by an intermediary in the ad network, with the ultimate recipient of the Amazon Associates payouts unknown to the public.[9][5]

The entity collecting the commissions tied to sramz-kff-008-20 has not been publicly identified in any reporting on the incident.[9][5]

Revenue impact

Because Smart Feed injected its tag every time a user opened the Amazon app from the drawer, any subsequent purchase the user made on Amazon credited the injected tag rather than the user's own browsing path. TechRadar summarized the effect as Motorola "quietly" collecting an affiliate fee on purchases it had no involvement in.[3] Notebookcheck observed that the practice does not raise the prices consumers pay; instead, the manufacturer extracts a sales commission from Amazon's affiliate program without disclosure.[8]

TechRadar & Mashable both drew the parallel to the Honey class action against PayPal, in which a browser extension was accused of swapping creators' affiliate codes for its own at checkout.[3][10]

Motorola's response

Device Native made no public statement during or after the incident. The company removed its Moto App Launcher integration guide & subsequently took down the rest of its public-facing developer documentation site.[6][1]

Motorola issued a statement to multiple press outlets on May 27, 2026. A Motorola spokesperson told 9to5Google, Android Central, & other outlets:

Motorola and Device Native jointly developed an app search and suggestion experience for the Moto App Launcher, designed to help users quickly find and launch apps they already have installed on their devices. Recently, Motorola acted quickly to resolve an issue that was identified, which caused some users in the U.S. launching the Amazon Shopping app to be routed through a web tracking link before opening the app. This behavior was unintended and resulted in an inconsistent user experience. Upon identifying the issue, we promptly corrected the routing configuration. Users can now expect all installed apps to launch directly as intended. Motorola takes user experience, privacy, and platform integrity seriously and will continue to closely monitor the system to ensure expected behavior across devices. We are committed to responsible disclosure, and to transparent, collaborative engagement with researchers to identify and address potential issues swiftly.

[4][2]

The fix was deployed server-side as a routing-configuration change, ending the redirects on affected devices without requiring users to install an updated version of Smart Feed.[4][6]

Honey class action

The pending litigation TechRadar & Mashable pointed to is Wendover Productions, LLC et al. v. PayPal Inc., filed in California federal court & consolidated with more than two dozen similar actions into In re PayPal Honey Browser Extension Litigation.[11][12] The plaintiffs, content creators including bloggers & social-media producers, allege that PayPal's Honey browser extension diverted their affiliate commissions by manipulating tracking cookies at checkout.[12] On November 21, 2025, the court dismissed the consolidated complaint without prejudice, ruling that the plaintiffs had not adequately pleaded a cognizable injury traceable to PayPal; the court granted leave to amend & the case remains active.[11]

Lenovo's prior Superfish settlement

The Motorola incident is the second advertising-injection matter involving Lenovo-branded consumer hardware. Beginning in August 2014, Lenovo shipped consumer laptops with VisualDiscovery, advertising software developed by Superfish, Inc. that acted as a man-in-the-middle on encrypted web traffic to inject pop-up ads. In September 2017, Lenovo settled charges brought by the Federal Trade Commission & 32 state attorneys general over the practice; the FTC settlement prohibited Lenovo from misrepresenting features of preloaded ad-injecting or data-transmitting software, required Lenovo to obtain consumers' affirmative consent before pre-installing software of that kind, & required Lenovo to implement a software security program for most preloaded software for 20 years.[13]

See also

References

  1. 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 Schoon, Ben (2026-05-25). "Motorola phones have started hijacking the Amazon app to insert affiliate codes". 9to5Google. Archived from the original on 27 May 2026. Retrieved 2026-05-27.
  2. 2.0 2.1 2.2 Diaz, Nickolas (2026-05-27). "Motorola was accused of slipping an affiliate link to users' Amazon purchases when using the app, discovered on its recent 2026 foldables". Android Central. Archived from the original on 28 May 2026. Retrieved 2026-05-27.
  3. 3.0 3.1 3.2 "Is this the Honey scandal all over again? Motorola phones caught adding affiliate codes to Amazon orders". TechRadar. 2026-05-26. Archived from the original on 28 May 2026. Retrieved 2026-05-28.
  4. 4.0 4.1 4.2 4.3 4.4 "Motorola says Amazon app affiliate behavior was "unintended," routing config fixed". 9to5Google. 2026-05-27. Archived from the original on 28 May 2026. Retrieved 2026-05-27.
  5. 5.0 5.1 5.2 5.3 5.4 Pandey, Rajesh (2026-05-26). "Your Motorola phone might be secretly monetizing your Amazon clicks". Android Police. Archived from the original on 27 May 2026. Retrieved 2026-05-28.
  6. 6.0 6.1 6.2 "Motorola confirms its phones were 'hijacking' the Amazon app". MobileSyrup. 2026-05-27. Archived from the original on 29 May 2026. Retrieved 2026-05-28.
  7. 7.0 7.1 Ziyauddin, Syed (2026-05-27). "Motorola Smart Feed Controversy: Users Claim Amazon App Launches Were Hijacked With Hidden Affiliate Links". NewsX. Archived from the original on 28 May 2026. Retrieved 2026-05-28.
  8. 8.0 8.1 Brecher, Hannes (2026-05-26). "Motorola smartphones hijack shopping apps to make money from sales". Notebookcheck. Archived from the original on 27 May 2026. Retrieved 2026-05-28.
  9. 9.0 9.1 9.2 "Motorola phones are hijacking links to make affiliate cash". Droid Life. 2026-05-26. Archived from the original on 28 May 2026. Retrieved 2026-05-27.
  10. Binder, Matt (2026-05-26). "Motorola phones are reportedly injecting affiliate codes into the Amazon app". Mashable. Archived from the original on 29 May 2026. Retrieved 2026-05-28 – via Yahoo Tech.
  11. 11.0 11.1 "PayPal Secures Another Victory in Consolidated Honey Browser Extension Cases". Orrick, Herrington & Sutcliffe LLP. 2025-12-03. Archived from the original on 24 March 2026. Retrieved 2026-05-28.
  12. 12.0 12.1 "In Re PayPal Honey Browser Extension Litigation". Cohen Milstein Sellers & Toll PLLC. Archived from the original on 14 March 2026. Retrieved 2026-05-28.
  13. "Lenovo Settles FTC Charges it Harmed Consumers With Preinstalled Software on its Laptops that Compromised Online Security". Federal Trade Commission. 2017-09-05. Archived from the original on 19 April 2026. Retrieved 2026-05-28.
Retrieved from "https://consumerrights.wiki/index.php?title=Motorola_Smart_Feed_Amazon_affiliate_hijacking&oldid=55140"