Disguised Russian Software Made Its Way Into Army, CDC Smartphone Apps Unnoticed

Disguised Russian Software Made Its Way Into Army, CDC Smartphone Apps Unnoticed

Thousands of smartphone applications in Apple Inc AAPL and Alphabet Inc GOOG GOOGL Google's online stores contain computer code developed by a technology company, Pushwoosh that presents itself as based in the U.S. but is Russian.

The Centers for Disease Control and Prevention (CDC) said it had been deceived into believing Pushwoosh was based in the U.S. capital. 

After learning about its Russian roots from Reuters, it removed Pushwoosh software from seven public-facing apps, citing security concerns.

The U.S. Army said it had removed an app containing Pushwoosh code in March because of the same concerns.

According to company documents publicly filed in Russia, Pushwoosh has its headquarters in the Siberian town of Novosibirsk, registered as a software company that also carries out data processing. Pushwoosh is registered with the Russian government to pay taxes in Russia.

On social media and in U.S. regulatory filings, however, it presents itself as a U.S. company based at various times in California, Maryland, and Washington, D.C.

Pushwoosh provides code and data processing support for software developers, enabling them to profile the online activity of smartphone app users and send tailor-made push notifications from Pushwoosh servers.

Pushwoosh's founder, Max Konev, had said the company "has no connection with the Russian government of any kind" and stores its data in the U.S. and Germany.

However, cybersecurity experts said storing data overseas would not prevent Russian intelligence agencies from compelling a Russian firm to cede access to that data.

Pushwoosh's business with U.S. government agencies and private companies could violate contracting and U.S. Federal Trade Commission (FTC) laws or trigger sanctions, ten legal experts told.

After Reuters raised Pushwoosh's Russian links with the CDC, the health agency removed the code from its apps because "the company presents a potential security concern," spokesperson Kristen Nordlund said.

Posted In: GovernmentNewsRegulationsTechMedia