LastPass Android app has some sneaky tracking software hidden away
Popular password manager contains seven embedded trackers
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Keeping track of all the passwords we use daily to access our online accounts and services can be difficult which is whypassword managerssuch asLastPassare becoming increasingly popular among both businesses and consumers.
However, a German security researcher named Mike Kuketz is now advising users to avoid using LastPass' Android app due to the fact that it contains seven embedded trackers. While the company says that users can opt out of these trackers, their very existence could induce risks to such a security-critical application.
According to anew reportfrom the non-profit organization Exodus, of the trackers found in the LastPass Android app, four are fromGooglefor analytics and crash reporting while the others are from AppsFlyer, MixPanel and Segment. Segment is particularly concerning because the company gathers data for marketing teams to profile users and connect their activity across different platforms to servetargeted ads.
In his investigation, Kuketz also looked into what data is transmitted by LastPass' Android app by inspecting the network traffic to discover that it sends details about the device being used, the mobile operator, the type of LastPass account and theGoogle Advertising IDwhich is able to connect data about a user across different apps.
Tracking in password managers
LastPass wasn’t the only password manager examined in Exodus' report and the firm found that1PasswordandKeePasscontain no trackers while the open sourceBitwardenhas one for Google Firebase analytical and one forMicrosoftVisual Studio crash reporting andDashlanehas four trackers.
Password managers are the simplest and most efficient way for people to avoid reusing the same password across multiple sites and services since many containpassword generatorswhich can create strong, complex and unique passwords with the tap of a button.
In astatementtoThe Register, a spokesperson from LastPass explained that the company uses trackers to improve its own service and that no identifiable user data could be passed on through them, saying:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“No sensitive personally identifiable user data or vault activity could be passed through these trackers. These trackers collect limited aggregated statistical data about how you use LastPass which is used to help us improve and optimize the product. All LastPass users, regardless of browser or device, are given the option to opt-out of these analytics in their LastPass Privacy Settings, located in their account here: Account Settings > Show Advanced Settings > Privacy. We are continuously reviewing our existing processes and working to make them better to comply, and exceed, the requirements of current applicable data protection standards.”
Regardless of whether you choose LastPass or a different password manager, investing in such a service can be an excellent way to improve your security posture and avoid falling victim toidentity theft.
ViaThe Register
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’
