this post was submitted on 26 May 2026
169 points (95.2% liked)

Technology

84938 readers
3757 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
169
Motorola phones are hijacking your Amazon app [Video] (9to5google.com)
submitted 1 day ago by mettwurstkaninchen@feddit.org to c/technology@lemmy.world
57 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Passerby6497@lemmy.world 2 points 19 hours ago (1 children)

Whether or not they are behind the affiliate link or there's some kind of MIM/malware or similar attack remains to be seen. Unfortunately we live in a time where app repos are being compromised left and right so with the limited information in the article this was my view of the situation.

I understand what you're saying, I'm saying the information we have doesn't fit the behavior you're equating this to.

Given they only had the issue when accessing it via the moto app drawer app on a limited number of phones and didn't see it when side loading or loading the app from another store, that is evidence against an app compromise and is closer to the behavior seen in local compromises. Were this an app level compromise as you're suggesting, the behavior wouldn't disappear on different devices or when side loaded.

I could easily be wrong, I just don't see the behavior I'd expect to see for a wide ranging own like a repo takeover.

[–] atrielienz@lemmy.world 2 points 1 hour ago* (last edited 1 hour ago) (1 children)

Yeah, I didn't understand. Sorry about that.

I could potentially see this happing if it's an app that this app talks to that's compromised or perhaps if they have a second app installed that this app interfaces to/that is talking to this app to prompt this behavior.

It wasn't clear to me if they attempted to duplicate this on the same hardware by wiping the device and then side loading the app/installing it from a different app store.

But I think that's because this app is a stock app that can't generally be deleted (only rolled back to a previous version) from my understanding. But I may be wrong about that. This definitely makes it sound like it was the most recent update that caused this behavior.

An app update on Motorola phones has started hijacking the Amazon app for the sake of injecting an affiliate code. To do that, tapping the app icon opens the user’s browser and immediately redirects to the Amazon app. It’s a “blink and you missed it” moment. This only happens when the user opens the Amazon app from the app drawer – not the homescreen pages.

[–] Passerby6497@lemmy.world 2 points 23 minutes ago* (last edited 22 minutes ago)

Yeah, it's a bit confusingly worded. A couple paragraphs down it starts to show how the behavior isn't consistent

We verified on a Razr (2026) running an older Smart Feed v2.03.0056 that this does not happen. Our Razr Fold, with app version 2.03.0070, has started showing this behavior, so it’s the latest update that’s to blame for hijacking the user’s intent. We couldn’t replicate this on a Moto G Stylus (2026) running the same app version, though. Sideloading the app, for reasons unclear, doesn’t seem to trigger this behavior, as manually installing the updated version on the aforementioned Razr (2026) didn’t show the same behavior.

Just the fact that the same version installed other ways didn't have the same behavior makes an app compromise conclusion hard to support. But you're entirely right that this could be secondary app caused, potentially the update mechanism on the phone was compromised, which might explain why side loading didn't have the same behavior.