A technology company called Pushwoosh, we are told, helped develop apps for entities including the United States Army and the U.S. Centers for Disease Control and Prevention (CDC), as well as all sorts of companies in the private sector. (Related: Did you know that the CDC is not a government agency but rather a private corporation in disguise?)
Why is this a problem, you might be asking? Pushwoosh claims to be based in Washington, D.C., but Reuters recently discovered that the company is actually operating out of Russia.
Upon learning about this, the CDC announced the removal of seven public-facing apps, citing security concerns. The CDC also issued a statement claiming it was deceived into believing that Pushwoosh was a U.S.-based entity.
The U.S. Army did the same thing back in March by removing several of its apps as well, including one that was being used by soldiers at one of the country's primary combat training bases.
Publicly filed company documents show that Pushwoosh has its headquarters in a Siberian town called Novosibirsk. Russian public records show that the company is registered as a software company that also performs data processing.
Somewhere in the vicinity of 40 employees work for Pushwoosh, which last year reported revenues of 143,270,000 rubles, or the equivalent of around $2.4 million. The company is also registered with the Russian government to pay taxes in Russia, not the U.S.
At the very same time, Pushwoosh claims to be a U.S. company, both on social media and more importantly in U.S. regulatory filings, the latter of which appears to constitute fraud.
At various times, Pushwoosh has made conflicting claims about where in the U.S. it is supposedly located. When not claiming to be based in D.C., the company has said it is based in Maryland, while at another point in time it claimed to be based in California.
These revelations are particularly concerning in light of the fact that Pushwoosh's role in code development involves creating software tools for developers that allow for the monitoring and surveillance of smartphone app users' online activity.
Clients of Pushwoosh are able to use this information to send custom-made push notifications to smartphone app users' devices straight from the company's servers.
On its website, Pushwoosh claims that none of the information it collects is sensitive in nature. Reuters agrees with this, claiming it found no evidence that Pushwoosh in any way mishandled user data.
The problem with all this, though, is that the Russian government requires companies like Pushwoosh to hand over collected data to domestic security agencies. This means the Kremlin likely has a trove of data at its disposal about various things that are happening at the CDC, in the Army, and elsewhere.
In an emailed statement to Reuters, Pushwoosh founder Max Konev said he has never tried to mask his company's Russian origins, despite how things appear.
"I am proud to be Russian and I would never hide this," he said.
Following the publishing of the Reuters exposé, Pushwoosh published a blog post aimed at dispelling the idea that it is a Russian company in disguise.
"Pushwoosh Inc. is a privately held C-Corp company incorporated under the state laws of Delaware, USA," the post explains. "Pushwoosh Inc. was never owned by any company registered in the Russian Federation."
More of the latest news can be found at CyberWar.news.
Sources for this article include: