A few years ago, a massive affiliate code hijacking scheme rocked the internet. YouTubers and other influencers discovered that PayPal’s money-saving Chrome extension, Honey, was sneakily inserting its own e-commerce affiliate codes — sometimes even replacing creators’ affiliate codes — in order to take credit for the sale and profit from the commission.
The whole ordeal resulted in lawsuits and even Google getting involved, changing its Chrome extensions policy and how the company handles affiliate links.
Now, a Reddit user and 9to5Google have uncovered yet another over-the-top instance of affiliate hijacking that’s reportedly affecting Motorola smartphone users.
Over the weekend, a Reddit user noticed that their Motorola Razr Ultra was behaving oddly when trying to shop on Amazon.
“When I tried to open the Amazon app, it would instead open the browser and send me to some sketchy looking url, which then redirects to amazon.com with an affiliate code,” Reddit user u/Trypocopris said.
Mashable Light Speed
The user found that his device was making requests to “devicenative.com,” a service that claims to offer “personalized, on-device mobile ad serving without sharing user data.”
9to5Google was able to replicate the issue. The outlet found the issue on a Razr Fold with the latest Smart Feed v2.03.0070. However, 9to5Google was unable to replicate the behavior on the latest Razr running the older Smart Feed v2.03.0056. While some Motorola phones on the latest version would not replicate the issue, 9to5Google believes the issue is related to Smart Feed v2.03.0070.
The affiliate hijacking only appears to occur when a user opens the Amazon app from the app drawer. Opening Amazon from the home screen does not cause the issue. (Mashable was also redirected when opening the Amazon shopping app from the Smart Feed, but not when opening the app from the home screen.) When selecting Amazon from the app drawer, the user’s mobile web browser briefly opens up before quickly directing the user to the Amazon app.
Interestingly, 9to5Google found that users are briefly redirected to a website containing the term “kira-abboud,” an apparent reference to fashion influencer @kirasfashionfinds. However, as the outlet discovered, neither this URL nor the Amazon affiliate code being injected matches anything publicly shared by the influencer herself.
So, did a bad actor find a way to inject their affiliate code into certain Motorola smartphones? Did a rogue employee insert their own? Mashable reached out to Motorola for comment, and we’ll update this story if they provide more information.
However, users can stop the behavior by turning the Smart Feed feature off. Simply go to Settings, followed by Apps, then search for Smart Feed and choose the Disable option. 9to5Google reports that doing this immediately stopped the redirect.
