Pushwoosh hit the press as russian software, disguised as American software, used e.g. by the army. Full Reuters article here.
The background seems to be that the Delaware company did outsource work to a Russian company, but claims to have terminated that in February 2022.
Two important quotes from the Reuters article are:
“Pushwoosh collects user data including precise geolocation, on sensitive and governmental apps, which could allow for invasive tracking at scale,” said Jerome Dangu, co-founder of Confiant, a firm that tracks misuse of data collected in online advertising supply chains.
“The data Pushwoosh collects is similar to data that could be collected by Facebook, Google or Amazon, but the difference is that all the Pushwoosh data in the U.S. is sent to servers controlled by a company (Pushwoosh) in Russia,” said Zach Edwards, a security researcher, who first spotted the prevalence of Pushwoosh code while working for Internet Safety Labs, a nonprofit organization.
Pushwoosh advertises itself as:
Get in close contact with your audience on mobile and web. Convert higher engagement into monetary value with customer-centric messaging fueled by Pushwoosh.
In the current global situation, we don’t really want to have e.g. geolocation of U.S. soldiers processed in Russia. But since it clearly is collecting telemetry data, it earns it’s place on the Anti-Beacon list for that alone.