Motorola Was Caught Injecting Shady Tracking Code Within The Amazon App

Malicious actors are everywhere on the internet, though you typically don't expect them from the developer of your smartphone. We're used to dubious Chrome extensions that steal your data, but a recent incident with Motorola has left users puzzled. Though it's already been patched, there was a strange issue with Motorola devices (including the Razr Fold) involving users being sent to an even stranger link before opening a certain app.

As spotted by 9to5Google, Motorola issued an app update that was injecting affiliate code into the Amazon app via the Motorola Smart Feed app. Typically, the Smart Feed app shows users a variety of curated content, but when users tried to open Amazon through the app, it quickly opened a browser window and then closed it before actually launching the platform. While this is peculiar in itself, what's truly puzzling is that the URL users were being sent to involves a popular fashion influencer.

It's worth emphasizing that this peculiar "bug" has been patched, and Motorola was swift to correct the mistake. Motorola users don't need to take any action, as reports indicate that the issue in the Smart Feed app has been addressed without requiring any software updates. It's a peculiar situation, but given that we're used to finding malware hidden in video games, we're not totally surprised.

Originally discovered by a Motorola Razr 60 owner in the r/Android community on Reddit, the user cited an Android Debug Bridge (ADB) log showing that, rather than simply opening the Amazon app, Smart Feed first directed the user to a website that usually provides ad services for cell phones, "devicenative.com." The issue was typically found in version 2.03.0070 of the Smart Feed app, though it was not reproducible when sideloading Smart Feed.

When 9to5Google investigated, they found that the URL in question involved Instagram influencer Shakirah A Abboud (@kirafashionfinds). However, the link in question did not appear to be associated with any affiliate codes the influencer used. Speaking with 9to5Google, Motorola stated that the problem has been addressed, and that it was "unintended," saying, "Upon identifying the issue, we promptly corrected the routing configurations. Users can now expect all installed apps to launch directly as intended."

While Motorola did address Device Native, the ad company in question, it did not address why a fashion influencer was involved. Device Native has also removed all of its developer documentation from its website for the time being. Although the issue has been resolved, users can still disable the Smart Feed app if needed. Navigate to Settings, tap Apps, find Smart Feed, and select Disable. While Motorola users may no longer need to worry about the issue, remember there are some things you should do if you're being hacked.