LastPass’ Android app is chock-full of trackers, says a security researcher
If you’re serious about your online security, you might want to rethink using LastPass and moving your data to another password manager. That’s because a security researcher found seven trackers buried in the LastPass Android app.
His analysis of the trackers inside LastPass showed that while it wasn’t sending passwords or usernames, it was sending things like the Google Advertising ID, if a new password was created, and what type of password. Yikes. The researcher, Mike Kuketz, recommends not using LastPass, moving instead to a password manager that doesn’t send data to third parties or record user behavior.
That’s possibly easier said than done, with most of the popular password managers all tracking user behavior at varying levels. According to Exodus Privacy, Bitwarden has two trackers, RoboForm and Dashlane have four, showing how pervasive tracking is, even in security-focused applications.
My current favorite password manager, 1Password, has no trackers at all, making me extra glad that I switched from LastPass about a year ago.
For LastPass’s side, the company says that the tracking is to “improve and optimize the product,” while going on to say that users can opt-out by going to Account Settings > Show Advanced Settings > Privacy on the web interface. Feels like it should be the other way around, with users opting-in to tracking on sign up, instead of being automatically tracked.
If you were already thinking about moving to another password manager after LastPass announced that the free tier will work on mobile or on desktop, with reduced support, this report might be the last thing you needed to make up your mind.
- Firefox and 1Password added tools to fight against privacy breaches
- A new Android update is bringing more security, Android Messages scheduling, and more
- If you’re using the Android version of Slack, go change your password ASAP
- After months of silence, Google has finally updated its iOS YouTube app