US Army and CDC remove code from apps after finding out it was Russian-made

Cal Jeffrey

Posts: 3,725   +1,176
Staff member
A hot potato: The tension between Russia and the United States has authorities overly cautious about using any software or digital services from the region. Reuters has identified one Russian firm that appears to be posing as a US developer. So far, two government agencies have pulled or altered apps using the Siberian provider's code.

The US Army and the Centers for Disease Control and Prevention (CDC) have removed several "public-facing" apps, citing security concerns over Russian-designed code within their programs. The developer in question is Pushwoosh, which provides software and data processing support to other app makers for marketing purposes.

Pushwoosh is headquartered in Novosibirsk, Siberia, with about 40 employees, although its website says it has 150. It has an annual revenue of around 143,270,000 rubles ($2.4 million US), which it pays taxes on in Russia. The company has also registered with US regulators claiming various domestic operations locations, including California, Maryland, and Washington, DC. It lists its location as "Washington, DC" and "Kensington, Maryland" on its social media accounts.

The address Pushwoosh registered in the US is a residential home in Maryland belonging to a "friend" of Pushwoosh founder Max Konev. The anonymous homeowner says he has no business connections with the company other than his address, which allegedly only received domestic correspondence during the pandemic. Currently, Konev operates the company out of Thailand, although Reuters could find no listings for Pushwoosh with Thai regulators.

"Founded in 2011, over the years the company has become one of the leading marketing services with over 150 employees and offices in multiple countries," says Pushwoosh's "About" page. "Thousands of startups and global leading brands rely on Pushwoosh in building effective marketing processes."

The CDC claims that Pushwoosh "deceived" it into thinking it was a US company. After being notified that the developer was Russian-based, the CDC pulled Pushwoosh's code from seven of its apps listed on Google Play and Apple's App Store. Likewise, the US Army pulled an entire app commonly used by personnel at an unnamed US military base.

The company claims that it does not collect "sensitive information" and positions its online presence as simply one of thousands of other marketing tools for app developers (below tweet). Indeed, Reuters admits that it couldn't find evidence that the company mishandled user data but also points out that nothing can stop Russian state intelligence agencies from demanding user data from Pushwoosh just as it has from other software firms in the past.

Despite the allegations, Pushwoosh denies trying to pass itself off as an American company.

"I am proud to be Russian, and I would never hide this," Konev told Reuters, adding, "[Pushwoosh] has no connection with the Russian government of any kind."

Konev also noted that user data is stored in the US and Germany. However, the location of user information provides little protection from Russian authorities demanding the company hand it over. Since the onset of the Ukraine conflict, US officials have had intense concerns over Russia attempting to spy on or sabotage domestic companies, agencies, and infrastructure.

The US Army and CDC are not Pushwoosh's only customers either. The firm claims to have apps on over 2.3 billion devices, with more than 8,000 apps on iOS and Android using Pushwoosh code to push targeted notifications to users. Clients include large corporations, non-profit organizations, and other government entities. Reuters listed a few by name, including international goods provider Unilever, the Union of European Football Associations, the National Rifle Association (NRA), and Britain's Labour Party.

Legal experts say Pushwoosh's deceptiveness might violate contracting laws and US Federal Trade Commission (FTC) regulations. A former FTC director of consumer protection said the case is directly within the Commission's jurisdiction and would fall into the realm of "unfair and deceptive practices affecting US consumers."

However, the FTC, US Treasury, and Federal Bureau of Investigation have refused to comment or acknowledge if any investigations have resulted from the matter. Likewise, Apple and Google have not commented directly on Pushwoosh but stated that data and user security were their primary focus.

Permalink to story.

 

Uncle Al

Posts: 9,363   +8,581
Sad to say but after all this junk done by the Russians the US and all NATO countries should band together to completely eliminate every faced of Russian goods, services, and information from their respective systems. They made a great attempt in earlier years to be more friendly and open with the West but the present country simply cannot and should not be trusted for a very, very, very long time to come.
 

psycros

Posts: 4,583   +6,909
Why in the hell would the Army and the CDC have outsourced MARKETING code in their apps? Nooo, this isn't a privacy concern at ALL.
 

psycros

Posts: 4,583   +6,909
Sad to say but after all this junk done by the Russians the US and all NATO countries should band together to completely eliminate every faced of Russian goods, services, and information from their respective systems. They made a great attempt in earlier years to be more friendly and open with the West but the present country simply cannot and should not be trusted for a very, very, very long time to come.
They made a very good effort to *appear* more open and friendly - under Putin it was always a lie and the military knew it, but the generals were ordered to keep quiet. There's a book about this that came out not too long ago, I forget the title. I think maybe John Bolton was involved.
 

Avro Arrow

Posts: 3,396   +4,412
Well, I guess it's clear that SOMEBODY in the US Government didn't exercise due diligence when vetting companies that supply them. This is just the one that they caught. How many others are there of which they are still unaware?