Reuters has reported that “thousands” of smartphone applications in Apple and Google’s online app store contain computer code developed by technology company Pushwoosh. Pushwoosh has been masquerading as a company established within the United States, but is actually Russian.
Alarmingly, the United States Army and Centers for Disease Control and Prevention (CDC) are among the customers utilizing Pushwoosh code. The CDC stated that it has been “deceived into believing Pushwoosh was based in the U.S. capitol,” per Reuters.
After learning that Pushwoosh had Russian origin, the CDC removed Pushwoosh software from seven public-facing apps, due to security concerns.
The US Army reports that it removed an app containing Pushwoosh code in March 2022 due to code concerns. The app, while not named by Reuters, reportedly was used at one of the Army’s main combat training bases. It’s unclear what the app’s purpose was.
Pushwoosh’s Russian origin revealed
Pushwoosh’s true origins are located in the Siberian town of Novosibirk, where it lists its headquarters according to documents reviewed by Reuters. The publicly-filed documentation in Russia lists Pushwoosh as a “software company that carries out data processing.”
The Russian documentation states that Pushwoosh is registered with the Russian government to pay taxes in Russia, per Reuters. It employs approximately 40 people and reported revenue of $143,270,000 rubles ($2.4 million) last year.
But on social media and in US regulatory filings, it presents itself as a US company based at various times in either California, Maryland, or Washington D.C., per Reuters.
Crunchbase also lists the company as headquartered in Washington, D.C.
According to Reuters research, Pushwoosh provides code and data processing support for software developers, enabling them to profile the online activity of smartphone app users. It then can send tailor-made push notifications for its users from Pushwoosh servers.
While Pushwoosh’s public documentation on privacy and user data collection states that it doesn’t “collect sensitive information”, Russia has a long history of companies such as Kaspersky handing over user data to their domestic security agencies.
Pushwoosh’s founder, Max Konev, told Reuters in September that “I am proud to be Russian, and I would never hide this”, but that his company “has no connection with the Russian government of any kind,” and stores its data in the US and Germany.
Discover more from Cybersecurity Careers Blog
Subscribe to get the latest posts sent to your email.
You must be logged in to post a comment.