Numerous iOS and android apps, including one that may contain sensitive information about the The American armyhave a user profiling code from a Russian company Pushwoosh which was posing as an American company, raising privacy and security concerns.
According to research, a wide range of applications, including those from the US military and the Centers for Disease Control and Prevention (CDC), installed Pushwoosh malware. An app analytics company called Application figures claims that approximately 8,000 applications in the Apple App Store and Google Play Store had the Pushwoosh code.
Thousands of smartphone apps in Apple and Google’s online stores contain computer code developed by a technology company, Pushwoosh, which claims to be based in the United States but is Russian, Reuters has found.
The Centers for Disease Control and Prevention (CDC), the central US agency for tackling major health threats, said they had been tricked into believing Pushwoosh was based in the US capital. After learning about his Russian roots from Reuters, he removed Pushwoosh software from seven public-facing apps, citing security concerns.
The US military said it removed an app containing the Pushwoosh code in March due to the same concerns.
-Reuters
Software developers can send push alerts to users with Pushwoosh, which offers code and data processing tools. The company’s website says it does not collect sensitive data, and a Reuters investigation found no evidence that Pushwoosh mishandled user data. There is always a potential security risk for companies using the code. According to company records, Pushwoosh is based in the Siberian city of Novosibirsk. However, it presents itself as an American company on social media and in regulatory filings in the United States.
The military told Reuters it removed an app containing Pushwoosh in March, citing “security concerns”. He did not say to what extent the app, which was an information portal for use at his National Training Center (NTC) in California, had been used by troops.
The NTC is a major combat training facility in the Mojave Desert for pre-deployment soldiers, which means a data breach there could reveal upcoming troop movements overseas.
The company claims to have data on 2.3 billion devices, and the code has been included in nearly 8,000 apps in total. The article points out that there is no evidence that the Pushwoosh code was created for any evil or deceptive purpose, but it was concerning that he went to such lengths to pretend to belong in the United States. The company also created two fake leaders with alleged WashingtonDC and fake addresses LinkedIn accounts.
Source: Reuters
