What does CDC, etc, do with the profiles they build from app users' online activity and location data? Seems creepy.


November 14, 20229:21 AM CST Last Updated 2 days ago
Exclusive: Russian software disguised as American finds its way into U.S. Army, CDC apps

By James Pearson
and Marisa Taylor
...
Pushwoosh provides code and data processing support for software developers, enabling them to profile the online activity of smartphone app users and send tailor-made push notifications from Pushwoosh servers.
...
"Pushwoosh collects user data including precise geolocation, on sensitive and governmental apps, which could allow for invasive tracking at scale," said Jerome Dangu, co-founder of Confiant, a firm that tracks misuse of data collected in online advertising supply chains.
...

The CDC apps that contained Pushwoosh code included the agency's main app and others set up to share information on a wide range of health concerns. One was for doctors treating sexually transmitted diseases. While the CDC also used the company's notifications for health matters such as COVID, the agency said it "did not share user data with Pushwoosh."

The Army told Reuters it removed an app containing Pushwoosh in March, citing "security issues." It did not say how widely the app, which was an information portal for use at its National Training Center (NTC) in California, had been used by troops.

The NTC is a major battle training center in the Mojave Desert for pre-deployment soldiers, meaning a data breach there could reveal upcoming overseas troop movements.

U.S. Army spokesperson Bryce Dubee said the Army had suffered no "operational loss of data," adding that the app did not connect to the Army network.

Some large companies and organizations including UEFA and Unilever said third parties set up the apps for them, or they thought they were hiring a U.S. company...