Privacy, Russia, United States

Pushwoosh, Which Claims To Be Based in the US, Embeds Codes in Thousands of Mobile Apps


A Russian company that provides data processing services for applications fooled several international companies by posing as a US entity. Reuters identified the actual origins of Pushwoosh Inc.

By claiming to be based in Washington, D.C. on their Twitter, the Russian company pretended to be a full-fledged US entity. Maryland for their Facebook, and LinkedIn. Unilever, Deloitte, Coca-Cola, McDonald’s, FIBA, Sport1, and SPAR are among the company’s 80,000 clients.

Pushwoosh did not include Russia in their annual regulatory filing in Delaware. Pushwoosh’s founder, Max Konev, used an email address of a friend in Maryland to do business.

Pushwoosh is a Russian firm with headquarters in Novosibirsk, Siberia, with 40 workers, and revenue last year estimated to be over $2.4 million.

The aforementioned company was registered to pay taxes to the Russian government, which is quite concerning given that Russian businesses are compelled to exchange data with their government.

The worst thing is that it was able to collaborate with US government entities. A US Army program containing Pushwoosh code was discovered to be accessing an educational portal at the National Training Center by troops earlier this year, but it was deleted due to “security reasons.”

The Centers for Disease Control and Prevention (CDC) confirmed that it mistook Pushwoosh for a US company and has since deleted the company’s code from a number of public-facing apps. Others, such as UEFA and Unilever, depended on third-party developers to construct apps that included Pushwoosh code.

Konev claims his firm “has no link with the Russian government in any way” and that all data is held in either the United States or Germany.

For the time being, no more proof has been discovered indicating the company is sharing data with the Russian government; but, the Russian government may force them to provide data at some point in the future.