Motorola has disabled functionality in its preinstalled Smart Feed app after security researchers and users discovered it was intercepting Amazon Shopping app launches to insert affiliate referral codes without user consent. The app silently modified user traffic to redirect a portion of Amazon purchase commissions to Motorola, effectively monetizing user shopping activity through undisclosed affiliate marketing.

The Smart Feed app comes preinstalled on many Motorola Android devices as part of the manufacturer's software bundle. When users attempted to open the legitimate Amazon Shopping app, Smart Feed would intercept the launch and inject affiliate tracking codes into the session. This type of traffic manipulation allows the device manufacturer to earn referral commissions on purchases users make through Amazon, with users unaware their shopping activity was being monetized by a third party.

The technical mechanism involved the Smart Feed app monitoring for Amazon app launches and inserting itself into the process to modify outbound traffic. This represents a form of on-device ad tech that operates at the system level, taking advantage of the app's preinstalled status and elevated permissions. Security researchers flagged the behavior as a violation of user trust, particularly because it occurred silently without disclosure in app permissions or privacy policies that users would reasonably review.

The discovery adds to ongoing concerns about bloatware and preinstalled apps on Android devices from major manufacturers. These apps often cannot be fully uninstalled by users and may have system-level permissions that enable intrusive behavior. The incident affects Motorola phone owners who had Smart Feed installed, though the exact number of impacted devices remains unclear. Motorola has not issued a public statement detailing the scope or duration of the affiliate injection program.

Users with Motorola devices should immediately check for updates to the Smart Feed app, which should include the disabled affiliate injection functionality. Review all permissions granted to preinstalled apps and consider using Android's disable function for bloatware that cannot be uninstalled. Organizations deploying Motorola devices should audit preinstalled software and consider enterprise management policies that restrict or remove manufacturer bloatware. This incident highlights the need for greater transparency in how device manufacturers monetize preinstalled software and the importance of user consent in affiliate marketing programs.

Source: https://gbhackers.com/motorola-app-allegedly-hijacks-amazon-app-activity/