Popular password manager in the spotlight over web trackers
LastPass, a popular password manager, has come under some fire following a report that its Android app features seven built-in advertising and analytics trackers that gather data ranging from the user’s device type and Android version to whether the user is on a free plan and has enabled biometric protection.
After LastPass implemented a big change in the free version of the app’s password manager, the company is under scrutiny. It has been found that the Android app of LastPass contains as many as seven trackers. According to reports, tester Mike Kuketz decided to check the app with the help of Exodus- an Android privacy audit platform and it was during this check, the seven trackers in the LastPass app were discovered.
These seven trackers include Google Analytics, AppsFlyer, Google Firebase Analytics, Google CrashLytics, Google Tag Manager, MixPanel and Segment. It has been noted that these Google trackers are being used for analytics as well as crash reporting, however, MixPanel and Segment are platforms that can utilise data via user profiling and advertisements. Usually, data collection is not uncommon for apps but LastPass, being a password manager, is expected to be different. In such cases, a high level of trust is demanded and therefore, LastPass is being criticised.
The spokesperson also gave assurances that no sensitive personally identifiable user information or password vault activity can pass through the trackers, adding that the trackers only collect aggregated statistical data about the app’s use, which is then used for optimizing and improving LastPass. It should be noted, however, that some of these trackers are found in several other widely used password managers, too.
Now, while the report may be disconcerting for privacy-minded users, it shouldn’t detract from the benefits of using a password manager – including in order to avoid making these common password creation mistakes. Users looking to double down on their security can choose from a variety of both free and paid solutions, with some even being directly integrated into full-featured security solutions. On that note, adding an extra layer of security in the form of multi-factor authentication is also a desirable option.