#The LastPass Android App Contains 7 Trackers From Third Party Companies đŹ â Review Geek
“#The LastPass Android App Contains 7 Trackers From Third Party Companies đŹ â Review Geek”
When it comes to account security, using a password manager is generally a good idea. But what happens if that password manager is tracking what youâre doing and not even telling you? According to security researcher Mike Kuketz, the LastPass Android app has seven embedded trackers, and LastPass may not know what data they collect.
As first spotted by The Register, Kuketz used tools from Exodus Privacy to examine the LastPass Android app and discovered seven trackers embedded in its code:
- AppsFlyer
- Google Analytics
- Google CrashLytics
- Google Firebase Analytics
- Google Tag Manager
- MixPanel
- segment
While Exodus Privacy confirms the presence of trackers, that doesnât guarantee they do anything. So Kuketz followed up with network monitoring while setting up a new LastPass account. He discovered that the app reached out to nearly every trackerâs servers without asking permission first.
Further inspection doesnât suggest that the trackers transferred any username or password data, but it does seem to know when the user creates a password and what type. Kuketz says that including a tracking code of this type in a password manager (or similar security-focused app) isnât acceptable, as the developers canât be fully aware of what the tracking code collects. Thatâs because trackers often use proprietary code that isnât open for inspection.
The amount of data does seem to be extensive, revealing information about the device in use, the cell phone carrier, the type of LastPass account, and the userâs Google Advertising ID (used to connect data about the user across apps). Itâs enough data to build an extensive profile around the most private information you store.
According to Exodus Privacy, other password manager donât use as many trackers. Bitwarden has two, RoboForm and Dashlane have four, and 1Password has none. Why LastPass uses so many isnât clear.
In a statement to The Register, a LastPass Spokesperson said, ââŠno sensitive personally identifiable user data or vault activity could be passed through these trackers.â The spokesperson went on to say you can opt-out of the analytics in the settings menu. Still, between this report and the recent change LastPass made to force free-tier users to choose between desktop and mobile syncing, it may be time to move onto another alternative like Bitwarden or 1Password.
via The Register
Â
If you liked the article, do not forget to share it with your friends. Follow us on Google News too, click on the star and choose us from your favorites.
For forums sites go to Forum.BuradaBiliyorum.Com
If you want to read more like this article, you can visit our Technology category.
