I would have to first have an Amazon app, or account.
this post was submitted on 26 May 2026
172 points (96.2% liked)
Technology
84940 readers
3706 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
You were the chosen one!
Tldr? How?
...
An app update on Motorola phones has started hijacking the Amazon app for the sake of injecting an affiliate code. To do that, tapping the app icon opens the user’s browser and immediately redirects to the Amazon app. It’s a “blink and you missed it” moment. This only happens when the user opens the Amazon app from the app drawer – not the homescreen pages.
...
We verified on a Razr (2026) running an older Smart Feed v2.03.0056 that this does not happen. Our Razr Fold, with app version 2.03.0070, has started showing this behavior, so it’s the latest update that’s to blame for hijacking the user’s intent. We couldn’t replicate this on a Moto G Stylus (2026) running the same app version, though. Sideloading the app, for reasons unclear, doesn’t seem to trigger this behavior, as manually installing the updated version on the aforementioned Razr (2026) didn’t show the same behavior.
In further digging, we noticed that the URL the phone opens up is “kira-abboud.com,” a website that references fashion influencer “@kirasfashionfinds.” Notably, this exact URL isn’t listed anywhere on Abboud’s social media, and the affiliate codes don’t match up either. The redirect coming from Motorola phones is using Amazona affiliate code “sramz-kff-008-20” which is completely different from any of the codes we saw from links shared by Abboud’s accounts and linked websites.
That sounds more like a phone got hit with malware than it necessarily being Motorola doing it. The same version of the app on multiple systems or side loading the suspicious version didn't trigger the behavior, so I'm doubtful the app itself is to blame.
Yeah but the app developer is Motorola. So unless they have had a breach (they'd like to tell us about) the call is coming from inside the house.
If "the call is coming from inside the house", why is it so specific/not very reproducible across the same app version and different methods of installing/accessing the app?
This is exactly why I said the bit about 'unless there's a breach'.
There's another comment on one of these threads that goes in depth about who the affiliate link supposedly belongs to, even though it doesn't match any of their known affiliate links, and it would appear that the affiliate link doesn't actually belong to Motorola (that anyone has been able to prove so far).
All that being said, Motorola is the developer of the app so if they pushed an update that causes this, then they are on the hook. Whether or not they are behind the affiliate link or there's some kind of MIM/malware or similar attack remains to be seen. Unfortunately we live in a time where app repos are being compromised left and right so with the limited information in the article this was my view of the situation.
Whether or not they are behind the affiliate link or there's some kind of MIM/malware or similar attack remains to be seen. Unfortunately we live in a time where app repos are being compromised left and right so with the limited information in the article this was my view of the situation.
I understand what you're saying, I'm saying the information we have doesn't fit the behavior you're equating this to.
Given they only had the issue when accessing it via the moto app drawer app on a limited number of phones and didn't see it when side loading or loading the app from another store, that is evidence against an app compromise and is closer to the behavior seen in local compromises. Were this an app level compromise as you're suggesting, the behavior wouldn't disappear on different devices or when side loaded.
I could easily be wrong, I just don't see the behavior I'd expect to see for a wide ranging own like a repo takeover.
They won't get away with that sort of sh*t when they're selling with GrapheneOS on them- assuming that deal continues to make progress.
The only mobile OS worth using at this point is Graphene if you ask me.
Isn't Motorola the new msnufacturer for those GraphineOS phones? And now they do THIS???
Kinda makes them feel less trustworthy to install a security based rom on.
I said this in another comment, but the same app version being loaded on multiple phones and it doesn't affect all of them, or side loading the app, or launching from a home screen all can bypass the issue, so it sounds more like malware than corporate fuckery.
Ive been with Pixel for a while and was looking forward to my next phone being a Motorola but this is NOT a good look at all
From reading the article, the conclusion right now is that this isn't a conscious act by Motorola.
My guess is they used an open source library in their Smart Feed app that has been poisoned with an affiliate link injection. Either that or someone working at Motorola slipped the code in and their quality control process missed it.
Neither one of those is a good look for Motorola. But it probably isn't as bad as the headline makes it sounds.
On a side note, I ditched the increasingly shoddy Pixel a series for a mid-level Motorola phone a couple of years ago and haven't looked back.
Ive got a Pixel 8 Pro with GOS and I love it
Seconded, though the sooner I'm able to get GrapheneOS on another phone, the better, as Google's quality plunge after the Pixel 5 series was just inexcusable.
Edit: Actually, pretty much almost every Pixel phone has had some major hardware defect, including the ones before the 6 series.
The question is if the next gos phone will have a competitive camera quality in order to be a viable alternative for more people than only "high targets"
I've had nothing but good experiences with my pixel 9, what stands out to you?
I have a Pixel 7 from a couple years ago. Its simply an inferior product compared to other mobiles on the market. The higher price could be a more regional issue perhaps but mine still has problems with fingerprint scanner, sim issues, heating problems etc.
The only reason I bought it was for the unlocked boot loader and grapheneos.
Pixel 7 still had problems with fingerprint reader, Pixel 9 doesn't
Haven't had any malfunctions on the pixel 9 at all, but I immediately installed grapheneOS and put it in a case. Maybe because I didn't grab it at launch I dodged a bullet? Odd.
Maybe they fixed some of that in later iterations. Heating and 5g bands are more region dependent so that could be just me since I live near the equator.
My Pixel 8 Pro has been the best of the Pixel phones I've had, but Google's phone hardware is rough. Contrary to my previous point, my Pixel 4 XL had the bloated battery issue, and I had to give that up for the 6 Pro, which had the shittiest Tensor chip leading to overheating and lack of reception in areas where I should have full bars. Gave that up for the 8 Pro, and it hasn't had any significant hardware issues so far.
So yeah, Google hardware sucks, and I'm thrilled to potentially be moving to a new Moto phone that has a Snapdragon chip and improved hardware quality.
I can't speak for the pro series. I had as Pixel 1 that was very good.
But then for cost and headphone jack reasons I switched to the a series when my Pixel 1 died. Both I and friends and family have had various Pixel 'a' series phones, and we've all seen the quality get progressively worse. Batteries, gyros, cameras, screens, you name it. I wouldn't recommend that specific line of phones.
I would still shoot for that with graphene OS over other options without. I had a Pixel 6 with.no issues.
Thirded! Switched a few weeks back. Feels good to be able to fight in whatever little way that I can. Though one of my bank apps stopped working so that's kind of a pain in the ass.
How awful was moving your data? I've been wanting to switch, but my big hesitation is all my 2fa apps cuz I really don't want to have to reach out to all my clients to redo those...
I haven't needed to transfer much data. Three out if my banking apps worked with their proprietary token app required for living in our transferring money. Same with my stock trading app. But I'm thinking of moving those back to an older android again because, I dunno, I just don't feel like having it on my fault driver anymore.
I dunno what to do about Microsoft authenticator. I need it to log into my Microsoft account for managing my kids' screen time, I think, and for playing Minecraft.
I have Google's authenticator app which I've needed to log into certain services.
Sorry, I like tinkering with my devices but I'm not a very technical person, so I'm not sure if I've answered your question correctly.
Wait, why can't you just export and import the TOTP data? You shouldn't need to notify any of the providers...
I thought it didn't let me, but this may just be PEBKAC...
It's app level injection, so presumably if you install GrapheneOS or use a different "smart feed app" (some kind of launcher for Motorola? I haven't used one before), it won't affect the user. Although, I agree it's a pretty bad look on the QA of preloaded apps.
load more comments
(5 replies)
Stock ROMs are removed immediately when obtaining a new phone
Ah yes one of the reasons why GrafeneOS will support Motorola devices soon /s
Somehow feels like manipulating media now that android lockdown draws near and graphene os + motorola is one of the few fighting it
Shitty behavior on the part of Moto.
On the other hand, installing GOS gets rid of this issue. I'll likely still buy a Moto if I have the option of installing GOS myself. I wouldn't trust Moto to not add something to a pre-installed GOS.
Motorola primarily makes budget phones, mostly because they're full of malware like this. Same reason some companies will offer phones and TVs completely free.
Unfortunately privacy is expensive. And the GOS phone will be as well.
Good thing I don't use Amazon.
Why should anyone install the amazon app? I mean… it's a website (if one realy must…)
Amazon is a computer activity for sure. But I try not to use it at all. I've been fairly successful cutting them out of my life.
Even worse. The Amazon app is trash that sometimes doesn't work at all, but the Amazon website works well on mobile.
I actually find the app is very nice compared to the mobile website on a pixel 9, of course I'm on GrapheneOS so I can enjoy apps from shitty companies without worrying too much about it doing shady things.
Although as of the past week, they've been injecting a shop with Alexa ad when you first open the app that slows you down by a few seconds, which is extremely infuriating.
I'm one of those shitty human beings who, unfortunately, orders fairly often from Amazon.
Not sure what happened, possibly some mim, i dont think Motorola would risk reputational damage for a merely few $ through such low level highjack.
I dont think it any ill will here by Motorola.
Seems like their parent company hasn't learned anything since the whole Superfish nonsense all those years ago. Glad I've stayed far away from them all this time.
TLDW?
Did they just not see the backlash and class actions filed against PayPal/Honey, CapitalOne, etc. for this same affiliate code swapping scheme and just decided they'd do it anyway? Surely they had to have seen that, or did they think it was a good idea done blatantly and are trying to be sneakier about it?
view more: next ›