LastPass Android App Contains Sneaky Tracking Software Hidden

Keeping track of all the passwords we use daily to access our online accounts and services can be difficult, which is why password managers such as LastPass are becoming increasingly popular among businesses and users. consumers.

However, a German security researcher named Mike Kuketz now advises users to avoid using LastPass’ Android app due to the fact that it contains seven built-in trackers. While the company says users can disable these trackers, their very existence could pose risks to such a security-critical app.

According to a new report from non-profit organization Exodus, of the trackers found in the LastPass Android app, four come from Google for analytics and crash reporting while the rest come from AppsFlyer, MixPanel and Segment. The segment is of particular concern as the company collects data for marketing teams to profile users and connect their activity across different platforms to serve targeted ads.

In his investigation, Kuketz also looked at what data is transmitted by LastPass’s Android app by inspecting network traffic to find that it sends details about the device used, mobile carrier, LastPass account type, and name. ‘Google Advertising ID’ which is able to connect data about a user across different applications.

Tracking in Password Managers

LastPass wasn’t the only password manager reviewed in Exodus’ report and the company found that 1Password and KeePass don’t contain any trackers while open source Bitwarden has one for Google Firebase scanning and one for Microsoft Visual Studio crash reports and Dashlane has four trackers.

Password managers are the easiest and most effective way to avoid reusing the same password across multiple sites and services, as many contain password generators that can create strong, complex passwords and unique at the push of a button.

In a statement to The registera LastPass spokesperson explained that the company uses trackers to improve its own service and that no identifiable user data could be transmitted through them, saying:

“No personally identifiable sensitive user data or vault activity can be transmitted by these trackers. These trackers collect limited aggregate statistical data about how you use LastPass, which is used to help us improve and optimize the product. All LastPass users, regardless of browser or device, have the ability to disable these scans in their LastPass Privacy Settings, located in their account here: Account Settings > View Advanced Settings > Privacy. continuously our existing processes and we strive to make them more compliant with and exceed the requirements of currently applicable data protection standards.”

Whether you choose LastPass or another password manager, investing in such a service can be a great way to improve your security and avoid becoming a victim of identity theft.

Through the registry

Comments are closed.