If “the call is coming from inside the house”, why is it so specific/not very reproducible across the same app version and different methods of installing/accessing the app?
This is exactly why I said the bit about ‘unless there’s a breach’.
There’s another comment on one of these threads that goes in depth about who the affiliate link supposedly belongs to, even though it doesn’t match any of their known affiliate links, and it would appear that the affiliate link doesn’t actually belong to Motorola (that anyone has been able to prove so far).
All that being said, Motorola is the developer of the app so if they pushed an update that causes this, then they are on the hook. Whether or not they are behind the affiliate link or there’s some kind of MIM/malware or similar attack remains to be seen. Unfortunately we live in a time where app repos are being compromised left and right so with the limited information in the article this was my view of the situation.
Whether or not they are behind the affiliate link or there’s some kind of MIM/malware or similar attack remains to be seen. Unfortunately we live in a time where app repos are being compromised left and right so with the limited information in the article this was my view of the situation.
I understand what you’re saying, I’m saying the information we have doesn’t fit the behavior you’re equating this to.
Given they only had the issue when accessing it via the moto app drawer app on a limited number of phones and didn’t see it when side loading or loading the app from another store, that is evidence against an app compromise and is closer to the behavior seen in local compromises. Were this an app level compromise as you’re suggesting, the behavior wouldn’t disappear on different devices or when side loaded.
I could easily be wrong, I just don’t see the behavior I’d expect to see for a wide ranging own like a repo takeover.
Yeah but the app developer is Motorola. So unless they have had a breach (they’d like to tell us about) the call is coming from inside the house.
If “the call is coming from inside the house”, why is it so specific/not very reproducible across the same app version and different methods of installing/accessing the app?
This is exactly why I said the bit about ‘unless there’s a breach’.
There’s another comment on one of these threads that goes in depth about who the affiliate link supposedly belongs to, even though it doesn’t match any of their known affiliate links, and it would appear that the affiliate link doesn’t actually belong to Motorola (that anyone has been able to prove so far).
All that being said, Motorola is the developer of the app so if they pushed an update that causes this, then they are on the hook. Whether or not they are behind the affiliate link or there’s some kind of MIM/malware or similar attack remains to be seen. Unfortunately we live in a time where app repos are being compromised left and right so with the limited information in the article this was my view of the situation.
I understand what you’re saying, I’m saying the information we have doesn’t fit the behavior you’re equating this to.
Given they only had the issue when accessing it via the moto app drawer app on a limited number of phones and didn’t see it when side loading or loading the app from another store, that is evidence against an app compromise and is closer to the behavior seen in local compromises. Were this an app level compromise as you’re suggesting, the behavior wouldn’t disappear on different devices or when side loaded.
I could easily be wrong, I just don’t see the behavior I’d expect to see for a wide ranging own like a repo takeover.