According to an exclusive report from Reuters, thousands of apps on Apple’s App Store and Google Play contain software from a Russian technology company that has disguised itself as American. The company is called Pushwoosh. Notable apps affected include apps belonging to the Centers for Disease Control and Prevention, as well as the U.S. Army.
According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing. It employs around 40 people and reported revenue of $2.4 million last year. Pushwoosh is registered with the Russian government to pay taxes in Russia.
On social media and in U.S. regulatory filings, Pushwoosh presents itself as a U.S. company based at various times in California, Maryland and Washington, D.C. The Russian software company’s founder, Max Konev, told Reuters in a September email that the company had not intentionally disguised its Russian origins.
“I am proud to be Russian and I would never hide this,” Konev said. He added the company “has no connection with the Russian government of any kind” and stores its data in the United States and Germany.
The CDC “said it had been deceived into believing Pushwoosh was based in the U.S. capital,” according to Reuters. After learning about its Russian roots from Reuters, the CDC removed Pushwoosh software from seven public-facing apps, citing security concerns.
The U.S. Army said it had removed an app containing Pushwoosh code in March because of the same concerns. That app was used by soldiers at one of the country’s main combat training bases.
Pushwoosh provides code and data processing support for software developers. This enables them to profile the online activity of smartphone app users and send tailor-made push notifications from Pushwoosh servers.
On its website, Pushwoosh says it does not collect sensitive information. Reuters found no evidence Pushwoosh mishandled user data.