Connect with us

Apps

LastPass’ Android app is chock-full of trackers, says a security researcher

Gross.

lastpass on iphone
Image: KnowTechie

If you’re serious about your online security, you might want to rethink using LastPass and moving your data to another password manager. That’s because a security researcher found seven trackers buried in the LastPass Android app.

His analysis of the trackers inside LastPass showed that while it wasn’t sending passwords or usernames, it was sending things like the Google Advertising ID, if a new password was created, and what type of password. Yikes. The researcher, Mike Kuketz, recommends not using LastPass, moving instead to a password manager that doesn’t send data to third parties or record user behavior.

That’s possibly easier said than done, with most of the popular password managers all tracking user behavior at varying levels. According to Exodus Privacy, Bitwarden has two trackers, RoboForm and Dashlane have four, showing how pervasive tracking is, even in security-focused applications.

My current favorite password manager, 1Password, has no trackers at all, making me extra glad that I switched from LastPass about a year ago.

For LastPass’s side, the company says that the tracking is to “improve and optimize the product,” while going on to say that users can opt-out by going to Account Settings > Show Advanced Settings > Privacy on the web interface. Feels like it should be the other way around, with users opting-in to tracking on sign up, instead of being automatically tracked.

If you were already thinking about moving to another password manager after LastPass announced that the free tier will work on mobile or on desktop, with reduced support, this report might be the last thing you needed to make up your mind.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments

More in Apps