LONDON/WASHINGTON: Thousands of smartphone apps at Apple and Google’s online retail stores involve computer code developed by a generation company, Pushwoosh, which claims to be founded in the United States but is Russian, Reuters has founded.
The Centers for Disease Control and Prevention (CDC), the leading U. S. company, is the largest U. S. company. A U. S. military official fighting major threats to fitness, said they were deluded into believing that Pushwoosh was founded in the U. S. capital. U. S. After learning of its Russian roots from Reuters, it got rid of Pushwoosh software from seven public-facing apps, raising security concerns.
The U. S. military The U. S. Department of Health said it got rid of an app containing the Pushwoosh code in March due to the same concerns. This app was used by foot soldiers in one of the country’s main fighting education bases.
According to corporate documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is based in the Siberian city of Novosibirsk, where it is registered as a software company that also deals with data processing. rubles ($2. 4 million) last year. Pushwoosh is registered with the Russian government to pay taxes in Russia.
However, on social media and in U. S. regulatory documents, there is no need for it. The U. S. company presents itself as a U. S. company, with bases in California, Maryland and Washington, D. C. , Reuters found.
Pushwoosh provides code and knowledge processing to software developers, allowing them to profile the online activity of smartphone app users and send tailored push notifications from Pushwoosh’s servers.
On its website, Pushwoosh says it collects sensitive information, and Reuters found no evidence that Pushwoosh mishandled user knowledge. However, Russian authorities have forced local corporations to hand over user knowledge to national security agencies.
Pushwoosh founder Max Konev told Reuters in a September email that the company had tried to hide its Russian origins. “I’m proud to be Russian and I would never hide it. “
He said the company “has no connection with the Russian government of any kind” and retails its know-how in the United States and Germany.
However, cybersecurity experts said storing the knowledge would not prevent Russian intelligence agencies from forcing a Russian company to give up access to that knowledge.
Russia, whose ties with the West have deteriorated since its seizure of the Crimean peninsula in 2014 and its invasion of Ukraine this year, is a leader in hacking and cyberespionage, spying on foreign governments and industries to seek a competitive edge, according to Western officials. .
Huge database
The Pushwoosh code has been installed in the programs of a wide diversity of foreign companies, influential non-profits, and government agencies, from global customer goods company Unilever Plc and the Union of European Football Associations (UEFA) to tough U. S. arms lobbying. U. S. National Rifle. Association (NRA) and the British Labour Party.
Pushwoosh’s dealings with U. S. government agenciesU. S. and personal corporations may simply violate contract law and the U. S. Federal Trade Commission (FTC) may simply violate contract law. The U. S. government would cause sanctions, 10 legal experts told Reuters. The FBI, the U. S. TreasuryThe U. S. Department of Health and the FTC declined to comment.
Jessica Rich, former director of the FTC’s Office of Consumer Protection, said “these types of cases are under the authority of the FTC,” which cracks down on unfair or deceptive practices affecting American consumers.
It’s possible Washington will simply impose sanctions on Pushwoosh and has ample strength to do so, sanctions experts said, adding all the skills through a 2021 executive order that gives the U. S. the U. S. UU. la ability to target Russia’s tech sector in malicious cyber activities.
Pushwoosh’s code was embedded in nearly 8,000 apps in the Google and Apple app stores, according to Appfigures, an app intelligence ArrayPushwoosh says it has more than 2. 3 billion devices indexed in its database.
“Pushwoosh collects user knowledge, aggregating exact geolocation, in sensitive and government applications, which can enable invasive tracking at scale,” said Jerome Dangu, co-founder of Confiant, a company that tracks the misuse of knowledge collected in online ad source chains.
“We discovered no transparent symptoms of deceptive or malicious intent in Pushwoosh’s activity, which does not lessen the threat of knowledge leakage from the app to Russia,” it added.
Google said privacy was a “major concern” for the company, but did not respond to requests for comment on Pushwoosh. Apple said it is serious about accepting users as true and security, but also declined to answer questions.
Keir Giles, a Russian expert at London-based think tank Chatham House, said that despite foreign sanctions against Russia, a “considerable number” of Russian corporations still operate and collect people’s private information.
Given Russia’s security laws, “it should not be unexpected that, with or without direct ties to the Russian state’s espionage campaigns, corporations that have knowledge of the proceedings will have to downplay their Russian roots,” he said.
‘Security issues’
After Reuters reported on Pushwoosh’s Russian ties to the CDC, the fitness company removed the code from its apps because “the company has a potential security issue,” spokeswoman Kristen Nordlund said.
“CDC believed Pushwoosh was a Washington, D. C. -area company,” Nordlund said in a statement. The trust was based on “representations” made through the company, he said, without elaborating.
CDC apps containing the Pushwoosh code included the company’s main app and others configured for percentages of data on a wide variety of fitness issues. One for doctors who treat sexually transmitted diseases. While the CDC has also used corporate notifications for fitness issues like COVID, the firm said it “does not percentage user awareness with Pushwoosh. “
The military told Reuters it got rid of an app containing Pushwoosh in March, raising “security concerns”. He did not say to what extent the app, which data portal will be used at his National Training Center (NTC) in California, had been used by troops.
The NTC is a major combat education center in the Mojave Desert for infantrymen before deployment, a data breach there could reveal upcoming troop movements overseas.
U. S. Army spokesman Bryce Dubee said the military had suffered an “operational loss of data,” adding that the app connected to the army’s network.
Some major corporations and organizations, such as UEFA and Unilever, said third parties had set up the apps for them or had the idea they were hiring an American company.
“We don’t have a direct relationship with Pushwoosh,” Unilever said in a statement, adding that Pushwoosh got rid of one of its apps “some time ago. “
UEFA said his contract with Pushwoosh “with an American company. “UEFA declined to say whether it was aware of Pushwoosh’s Russian links, but said it was reviewing its relationship with the company after being contacted via Reuters.
The NRA said its contract with the company ended last year and that it is “not aware of any issues. “
The British Labour Party responded to requests for comment.
“Knowledge collected through Pushwoosh is knowledge that can be collected simply through Facebook, Google or Amazon, but the difference is that all Pushwoosh knowledge in the United States is sent to servers controlled through a company (Pushwoosh) in Russia,” Edwards said, a security researcher, who first detected the prevalence of Pushwoosh code while applying for Internet Safety Labs, a non-profit organization.
Roskomnadzor, Russia’s communications regulator, responded to a Reuters request for comment.
Fake address, profiles
In U. S. regulatory documents. In the U. S. and social media, Pushwoosh never mentions his ties to Russia. The company lists “Washington, D. C. ” as his location on Twitter and claims that his address is a house in the suburbs of Kensington, Maryland, according to his most recent documents filed by a US company sent to the secretary of state of Delaware. He also lists Maryland’s address on his Facebook and LinkedIn. Profiles.
Kensington’s space is the home of a Russian friend of Konev’s who spoke to a Reuters reporter on condition of anonymity. He said he had nothing to do with Pushwoosh and agreed to allow Konev to use his address to receive mail.
Konev said Pushwoosh began using the Maryland address to “receive business mail” about the coronavirus pandemic.
It said it now operates Pushwoosh from Thailand, but provided no evidence that it was registered there. Reuters may simply not find a company with that call in Thailand’s Registrar of Companies.
Pushwoosh never mentioned that he founded in Russia in 8 annual filings in the US state of Delaware, where he is registered, an omission that may violate state law.
Instead, Pushwoosh indexed an address in Union City, California, as its smartest trading position between 2014 and 2016. That address exists, according to Union City officials.
Pushwoosh used LinkedIn accounts allegedly belonging to two executives in Washington, D. C. appointed Mary Brown and Noah O’Shea to solicit sales. But neither Brown nor O’Shea are genuine people, Reuters found.
Brown’s property was that of an Austrian-based dance teacher, taken through a photographer in Moscow, who told Reuters he had no idea how he ended up at the site.
Konev stated that the accounts were not genuine. He said Pushwoosh hired a marketing firm in 2018 to create them with the goal of social media selling Pushwoosh, not to mask the company’s Russian origins.
LinkedIn said it got rid of the accounts after being alerted via Reuters.
Download the Mint app and premium stories
Log in to our to save your favorites. It will only take a moment.
You’re one step away from creating your watch list!
Ups! It seems that he went over the line to label the symbol. Remove some to upload this symbol to your favorites.
Your query has expired, log in again.
You are now subscribed to our newsletters. If you can’t find any emails from us, check the spam folder.
This is a subscriber-only feature Subscribe now to receive updates on WhatsApp