Security researcher recommends against LastPass after detailing 7 trackers
Source: The Verge, added 26th Feb 2021
A security researcher is recommending against LastPass password manager after detailing seven trackers found in the Android app, The Register reports. Although there is no suggestion that the trackers, which were analyzed by researcher Mike Kuketz, are transferring a user’s actual passwords or usernames, Kuketz says their presence is bad practice for a security-critical app handling such sensitive information.
Responding to the report, a spokesperson from LastPass says the company gathers limited data “about how LastPass is used” to help it “improve and optimize the product.” Importantly, LastPass tells The Register that “no sensitive personally identifiable user data or vault activity could be passed through these trackers,” and users can opt out of the analytics in the Privacy section of the Advanced Settings menu.
LastPass’s trackers include four from Google which handle analytics and crash reporting, as well as one from a company called Segment, which reportedly gathers data for marketing teams. Kuketz analyzed the data being transmitted and found it included information about the smartphone’s make and model, as well as information about whether a user has biometric security enabled. Even if the data transmitted isn’t personally identifiable, just integrating this third-party code in the first place introduces the potential for security vulnerabilities, according to Kuketz.
“If you actually use LastPass, I recommend changing the password manager,” wrote Kuketz (via machine translation). “There are solutions that do not permanently send data to third parties and record user behavior.”
LastPass isn’t the only password manager to include trackers like this, but it appears to have more than many popular competitors. Free alternative Bitwarden has just two according to Exodus Privacy, while RoboForm and Dashlane have four, and 1Password has none.
The report comes on the heels of LastPass’s announcement that it will severely limit functionality in its free tier. While free users are currently able to store an unlimited number of passwords across devices without limitation, soon they’ll have to pick one category of devices to view and manage their passwords on — “Mobile” or “Computer” — unless they want to pay for the service. The changes will come into effect on March 16th.