Russian Code Found in US Army, CDC Apps

Total times read this article : 17

A Russian company offering data processing services for apps has deceived many international companies by presenting itself as a US entity. The company is called Pushwoosh Inc., and its Russian origins were uncovered by Reuters(Opens in a new window).

A quick check of Pushwoosh’s social media channels reveal a company claiming to be located in Washington, D.C. on Twitter, and Maryland on Facebook and LinkedIn. On the company’s YouTube channel it boasts of 80,000 clients including Unilever, Deloitte, Coca-Cola, McDonald’s, FIBA, Sport1, and SPAR.

US regulatory filings by the company don’t mention Russia, this includes eight annual filings made in Delaware. It has also been confirmed that Pushwoosh’s founder, Max Konev, is using the email address of a friend based in Maryland to handle business correspondance.

In reality, Pushwoosh is a Russian company with headquarters in Novosibirsk, Siberia. It employs around 40 people and revenue last year amounted to roughly $2.4 million. It’s also registered to pay taxes to the Russian government, and is therefore subject to the same rules as other Russian companies—notably the sharing of user data with the Russian government upon request.

Most worrying of all is the company’s association with US government agencies. A US Army app used as an informational portal at the National Training Center by troops contained Pushwoosh code, but was removed due to “security issues” earlier this year. The Centers for Disease Control and Prevention (CDC) admitted it thought Pushwoosh was a US company and has now removed the company’s code from multiple public-facing apps. Others, including UEFA and Unilever, relied on third parties to create apps for them which ended up containing Pushwoosh code.

Recommended by Our Editors

Legal experts talking to Reuters believe Pushwoosh could be violating FTC laws and this discovery may trigger sanctions. That would have a huge impact not only on the company, but the 8,000 apps its code is embedded in across Google Play and the iOS App Store.

Konev is claiming his company “has no connection with the Russian government of any kind” and that all data is stored in either the US or Germany. Currently there is no clear evidence the stored data is being shared with Russia, but that doesn’t mean Pushwoosh couldn’t be compelled to share by its government.

PCMag Logo The Best VPN Services for 2022
SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:22:09.000000Z”,”published_at”:”2022-03-24T14:57:33.000000Z”,”last_published_at”:”2022-03-24T14:57:28.000000Z”,”created_at”:null,”updated_at”:”2022-03-24T14:57:33.000000Z”})” x-show=”showEmailSignUp()” class=”rounded bg-gray-lightest text-center md:px-32 md:py-8 p-4 mt-8 container-xs” readability=”31.423799582463″>

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Facebook Comments Box

Visits: 0

RELATED ARTICLESMORE FROM AUTHOR