Official US Army app had Russian code, may have harvested user data
By Davis Winkie and Colin Demarest
Tuesday, Nov 15
The U.S. Army confirmed that an officially approved app was built using code from a tech company with Russian roots that provides popular tools for developers to send customized notifications to their users.
At least 1,000 people downloaded the app, which delivered updates for troops at the National Training Center on Fort Irwin, California, a critical waypoint for deploying units to test their battlefield prowess before heading overseas. The app fell out of use in 2019 due to routine personnel changeover, and likely wouldn’t have been approved today due to more stringent IT protocols in recent years, according to an Army official and a service spokesperson. The confirmation comes after a Reuters investigation spotlighted the situation.
Some of the app’s code came from a company known as Pushwoosh, which reportedly went to significant lengths to present itself as a U.S.-based entity, according to Reuters. Those efforts included fake LinkedIn profiles, phony addresses and more. The company’s founder, Max Konev, told the news organization that he was “proud to be Russian” in a September statement.
https://www.c4isrnet.com/cyber/2022/11/15/official-us-army-app-had-russian-code-may-have-harvested-user-data/
