US Army Among Others Uses Code From Russian Company That’s Pretending To Be An American Company In Their Apps

When people create apps, it’s not at all unusual for the developer to use code from someone else. After all, why reinvent the wheel if someone has done the hard work for you?

Well, maybe that practice should be rethought. I say that because it now turns out that a Russian company that was pretending to be an American company has had its code show up in thousands of apps, including an app used by the US Army. Reuters has the details:

Thousands of smartphone applications in Apple and Google’s online stores contain computer code developed by a technology company, Pushwoosh, that presents itself as based in the United States, but is actually Russian, Reuters has found.

The Centers for Disease Control and Prevention (CDC), the United States’ main agency for fighting major health threats, said it had been deceived into believing Pushwoosh was based in the U.S. capital. After learning about its Russian roots from Reuters, it removed Pushwoosh software from seven public-facing apps, citing security concerns.

The U.S. Army said it had removed an app containing Pushwoosh code in March because of the same concerns. That app was used by soldiers at one of the country’s main combat training bases.

According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing. It employs around 40 people and reported revenue of 143,270,000 rubles ($2.4 mln) last year. Pushwoosh is registered with the Russian government to pay taxes in Russia.

On social media and in U.S. regulatory filings, however, it presents itself as a U.S. company, based at various times in California, Maryland and Washington, D.C., Reuters found.

Now the question is this: Is this company simply trying to evade sanctions against Russia to stay in business? Or is it collecting data from these apps and handing it over to the Russian government? The company says it didn't hide the fact that it is Russian, though I question that based on the Reuters story. And one could argue that it really doesn't matter, as the Russian government could knock on their door asking for whatever data they had, and the company could hand it over.

I think that the take-home message is as follows: if you as a developer plan to use someone else's code in your apps, you should make sure that it's from a trustworthy source. Clearly a lot of developers didn't in this case. And now it's an issue.
