Thousands Of Apps ‘Contain Russian Code’

Thousands of iPhone and Android apps in the official Apple and Google app stores contain code from a developer that apparently concealed the fact that it is based in Russia, according to a Reuters report.

The US military’s National Training Center (NTC) was one of the organisations that deployed the code from Russian firm Pushwoosh in an NTC information-portal app, although the code was removed earlier this year, the report said.

While there is no indication of intentional misuse of data by Pushwoosh, which makes push notification tools, the situation highlights the exposure of potentially sensitive data through smartphone apps.

Data concerns

Confiant, which tracks misuse of online advertising data, said Pushwoosh collects user data including precise geolocation.

Russia’s security laws mean the country’s government could compel Russian firms to hand over such data, potentially even if, as is the case with Pushwoosh, the data is apparently stored in servers outside of Russia.

Pushwoosh said it stores customer data in servers in the US and Germany.

Organisations including the Centres for Disease Control (CDC) told Reuters they had believed Pushwoosh was based in the US.

Pushwoosh founder Max Konev told Reuters he “would never hide” the fact that he is Russian.

But regulatory filings in the state of Delaware, where Pushwoosh is registered, list addresses in California or Maryland and do not mention any Russian connection.

Military app

Pushwoosh’s social media accounts list US locations.

But documentation filed in Russia indicates Pushwoosh is based in Novosibirsk, in Siberia, employing about 40 people.

Relations between the US and Russia have grown increasingly hostile since Russia’s occupation of the Crimean peninsula in 2014 and its invasion of Ukraine earlier this year.

Russia is considered a top player in foreign intelligence hacking.

The US Army’s National Training Center at Fort Irwin is an important pre-deployment training base for the US military.

The US Army said it had used Pushwoosh code in the base’s information portal app but had removed the app in March due to security concerns.

Corporate clients

The CDC removed seven of its apps containing Pushwoosh code after learning of the firm’s Russian origins.

Pushwoosh lists major firms including Unilever, McDonald’s, Spar and Deloitte amongst its clients, although Unilever told Reuters it had no direct relationship with Pushwoosh.

The US’ National Rifle Association and the UK’s Labour Party also offer apps using Pushwoosh notification systems.

Google and Apple both said privacy was a priority for the companies.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

7 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago