Some of the app\u2019s code came from a company known as Pushwoosh, which reportedly went to significant lengths to present itself as a U.S.-based entity, according to Reuters. Those efforts included fake LinkedIn profiles, phony addresses and more. The company\u2019s founder, Max Konev, told the news organization that he was \u201cproud to be Russian\u201d in a September statement.<\/p>\n
The U.S. considers Russia a top-tier threat to national security, alongside China. Officials in Washington have repeatedly\u00a0warned of Moscow\u2019s hacking chops<\/a>\u00a0and its ability to wage influence campaigns abroad, and cybersecurity experts told Reuters that Russia\u2019s intelligence services may be able to compel companies like Pushwoosh to turn over their data, regardless of where it\u2019s stored.<\/p>\n According to legal experts interviewed by Reuters, the company was able to circumvent industry regulations and government contracting rules against doing business with Russian companies. Such restrictions have tightened since Russia\u2019s renewed invasion of Ukraine that began in February, and a growing number of companies have come under formal sanctions as well.<\/p>\n Pushwoosh is one of many software development companies that offer third-party coding solutions to other developers who are seeking off-the-shelf features to fold into their projects. According to the\u00a0company website<\/a>, Pushwoosh customizes its targeted notifications by collecting and storing a bevy of user data on its servers in Germany.<\/p>\n The Russian-owned entity gathers location data, device data and other potentially identifying information collected from apps that use its notifications code and pools it on its servers. A\u00a0company blog post\u00a0<\/a>reveals it retains that data \u201ceternally,\u201d no matter how long it has been since a user has opened the app, unless a user turns off notifications or deletes the app.<\/p>\n The National Training Center application, published by the service\u2019s\u00a0TRADOC Mobile app portal<\/a>\u00a0and listed in both the Apple and Google app stores, \u201cwas developed in 2016\u2033 using \u201ca free version of Pushwoosh,\u201d confirmed Army spokesperson Bryce Dubee in an emailed statement to Army Times and C4ISRNET.<\/p>\n It\u2019s not clear what user data was collected from the NTC app and stored by Pushwoosh, and it\u2019s not certain whether Russian intelligence services have obtained it or can access it. But even seemingly innocuous apps can feed targeting efforts: A\u00a02020 VICE Motherboard investigation<\/a>\u00a0revealed U.S. Special Operations Command had been purchasing anonymized location data for several apps popular in the Muslim world, presumably to unmask and target individuals associated with terrorist groups.<\/p>\n Russia has historically denied accusations of cyber aggression and espionage. Pushwoosh founder Konev told Reuters his company \u201chas no connection with the Russian government of any kind.\u201d<\/p>\n Why did an Army app use Pushwoosh code?<\/strong><\/p>\n An individual assigned to NTC, a major training center, created the application and submitted it for Army approval and publishing, according to Dubee. It was then approved.<\/p>\n According to the app\u2019s description in the Apple store, which was archived by\u00a0App Aware\u2019s API scraper<\/a>, the NTC app advertised providing \u201cthe latest Fort Irwin news, information and social media updates\u201d to users. It also included \u201cquick-click buttons for calling post facilities, a community calendar and a map to popular establishments and much more.\u201d<\/p>\n It\u2019s not clear whether the map feature required users to opt into sharing their location with the app \u2014 and potentially with Pushwoosh. Regardless, the app saw fairly wide use; an archived listing for the app on\u00a0Google Play store scraper APK Combo<\/a>\u00a0said more than 1,000 Android users downloaded it. Army Times and C4ISRNET could not confirm how many Apple devices had installed the app before it was removed from the App Store.<\/p>\n The NTC app fell out of use in 2019, an Army official said, after changes in personnel. But the potential risks went undetected for years after the NTC app was abandoned, the official added, until a \u201croutine scan\u201d of Army apps in March \u201cdetermined the NTC app was not in compliance, not in use, and not able to be updated.\u201d<\/p>\n Today, the app wouldn\u2019t be approved at all \u201cbecause regulations and guidance have become more stringent since 2016 [when it was developed],\u201d and the Army \u201cmoved to have the app taken offline completely while conducting a routine review of authorized apps,\u201d Dubee confirmed.<\/p>\n \u201cRegulations do not authorize the use of free software when paid software is available, and consequently, the PM Army Mobile team would have immediately disallowed\/disapproved the use of free software,\u201d Dubee explained.<\/p>\n The spokesperson did not answer\u00a0questions from Army Times and C4ISRNET<\/a>\u00a0seeking more information on what data the app collected and whether the service was aware of the company\u2019s origins when it shut down the NTC app in March.<\/p>\n![\"\"](\"https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/11\/VAZCQCJ5F5EOPEFAXE6WTMWI5M.jpg\")
![\"\"](\"https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/11\/7UZLC4D7KZGP7DN4FRND7FXMVU.jpg\")