In LastPass for Android found seven built-in trackers

Trackers in LastPass for Android

German cybersecurity expert Mike Kuketz noticed that the LastPass Android app has seven trackers that monitor users. The researcher builds his findings on the report of the non-profit organization Exodus, which is described as an initiative “led by hacktivists, the goal of which is to help people understand the problems of tracking in Android applications.”

Seven trackers were found in the password manager, including four from Google that collect data for analytics and crash reporting, as well as AppsFlyer, MixPanel and Segment. For example, the latter collects information for marketing teams, and its developers write that the tool offers to create a “single view of the customer” by profiling users and linking together their actions on different platforms (presumably to personalize ads).

In this way, the LastPass developers are striving to monetize the huge number of free users of their application.Mike Kuketz believes.

At the same time, the researcher warns that often application developers do not know at all what data trackers collect and what they transfer to third parties. As a result, integrating someone else’s proprietary code into an application can be dangerous and can lead to data leakage. According to the expert, there is no place for such trackers in a password manager, whose security is extremely important.

According to the expert, LastPass transmits to the side information about the device used, the carrier, the type of the LastPass account, the Google advertising ID (which can be used to link user data from different applications). In addition, trackers “know” when a user creates new passwords and what type they are.

Instead of LastPass, it is better to use other password managers, for example, the open-source KeePass. The fact is that, according to Exodus, there are no trackers at all in either the KeePass code or the 1Password code. There are two beacons in the open source Bitwarden code: Google Firebase analytics and Microsoft Visual Studio crash reports, and four were found in Dashlane.says Kuketz.

LastPass representatives have already assured the media that with the detected trackers it is impossible to transfer confidential user data, and their storage is also safe. It is emphasized that trackers only collect statistical information about the use of the application, which is used to improve and optimize the product. In addition, user can opt out of collecting analytics in the settings.

Let me remind you that ToTok messenger turned out to be a tool for total tracking.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *