A hot potato: Tensions between Russia and the United States make officials more wary of using any software or digital services from the region. Reuters has identified a Russian company that appears to be an American developer. So far, two government agencies have removed or modified apps using the Siberian provider’s code.
The U.S. military and the Centers for Disease Control and Prevention (CDC) have removed several “general-purpose” apps because of security concerns about Russian-made code in their programs. The developer in question is Pushwoosh, which provides software and data processing support to other app makers for marketing purposes.
Pushwoosh is headquartered in Novosibirsk, Siberia, and has about 40 employees, although its website lists 150 people. Its annual revenue is about 143,270,000 rubles (US$2.4 million), on which he pays taxes in Russia. The company has also filed with US regulators claiming various national operating locations, including California, Maryland and Washington, DC. It lists its location as “Washington, DC” and “Kensington, Maryland”. Social Media accounts.
Pushwoosh’s registered address in the United States is a residence in Maryland owned by a “friend” of Pushwoosh’s founder, Max Cone. The anonymous owner says he has no business relationship with the business other than his address, which reportedly only received household letters during the pandemic. Currently, Konev operates the company from Thailand, although Reuters did not find a listing for the pushback with Thai regulators.
“Founded in 2011, the company has grown over the years to become one of the leading marketing services with over 150 employees and offices in multiple countries,” says Pushwoosh’s “About” page. “Thousands of startups and major global brands rely on Pushwoosh to build effective marketing processes. »
The CDC says Pushwoosh was “fooled” into thinking it was an American company. The CDC pulled Pushwoosh’s code from seven of its apps listed in Google Play and Apple’s App Store after the developer was said to be based in Russia. Similarly, the U.S. military retired a comprehensive app commonly used by personnel at an unnamed U.S. military base.
The company says it doesn’t collect “sensitive information” and positions its online presence as one of thousands of other marketing tools for app developers (tweet below). In fact, Reuters acknowledges that it has not been able to find evidence of the company mishandling user data, but also points out that Russian state intelligence agencies cannot stop Pushvoosh from requesting users’ data.
Despite the allegations, Pushwoosh denies trying to impersonate an American company.
“I am proud to be Russian and I will never hide it,” Konev told Reuters: ” [Pushwoosh] Not associated with the Russian government in any way. »
Get out-of-the-box recommendations to define your push notification strategy #HolyFriday 2022 🛍️
Learn best practices for recovering abandoned carts, first and repeat purchases, upsells and cross-sells right inside the app’ https://t.co/i76r6WS2j7#e-commerce
—Pushwoosh (@pushwoosh) November 2, 2022
Konev also noted that user data is stored in the US and Germany. However, the location of user information offers little protection against Russian authorities demanding that the company hand it over to them. Since the start of the conflict in Ukraine, U.S. officials have been increasingly concerned about Russia’s efforts to spy on or sabotage national businesses, agencies and infrastructure.
The U.S. military and the CDC aren’t the only clients of pushwoosh. The company says it has apps on more than 2.3 billion devices, including more than 8,000 apps on iOS and Android that use PushWoosh code to send targeted notifications to users. Clients include large corporations, non-profit organizations and other government agencies. Reuters listed some as including international goods supplier Unilever, the Union of European Football Associations, the National Rifle Association (NRA) and Britain’s Labor Party.
Legal experts say Pushwoosh’s deception may violate US contract laws and Federal Trade Commission (FTC) regulations. The FTC’s former director of consumer protection said the matter is within the commission’s jurisdiction and falls within the scope of “unfair and deceptive practices that affect American consumers.”
However, the FTC, the US Treasury and the Federal Bureau of Investigation declined to comment or acknowledge whether any investigations resulted from the case. Similarly, Apple and Google did not directly comment on the pushback, but said data and user security were their top priority.