Thousands of smartphone applications in Apple and Google online app stores contain fragments of computer software code developed by a Russian company.
According to the publication in Reuters, these parts of software code were developed by the technology company called Pushwoosh – officially this company presents itself as an American company, but in reality, it is Russian.
The scale of affected organizations is likely very large – US Army and the Centers for Disease Control and Prevention (CDC) are among the governmental institutions that are currently investigating this security issue.
CDC already announced it was fraudulently led to believe that Pushwoosh was based in the US Now, this code has already been removed from seven apps that were accessible to the public.
The US Army reacted even before Reuters revealed the results of their investigation. An app containing Pushwoosh code was removed back in March due to potential security concerns. This app was originally used by soldiers at one of the main US combat training bases.
The real headquarters of Pushwoosh seem to be located in the Russian town of Novosibirsk, and also has a Russian registration. This software company has around 40 employees. In the US, however, in the official documents and filings, this organization presents itself as an American company.
For now, there is no evidence that Pushwoosh could have collected sensitive information. But the risk is high, as the Russian Federation has already forced multiple companies to either leave the local market or to disclose all user data to local security agencies.
Google and Apple currently do not comment on this situation.