Recommendations not to use LastPass after detailing 7 trackers |
After using LastPass password manager, security researchers recommend adding 7 trackers to the Android app in detail.
While there is no evidence that the researcher (Mike Kuketz) analyzed that the tracker was sending real passwords or usernames, Koketz said: For very important security applications that deal with this sensitive information, having these tools in place is a bad practice.
A LastPass spokesperson responded to the report: The company is collecting limited data on how the app is used to improve its products.
The spokesperson added: These trackers cannot transfer sensitive user data that can be personally identified or saved activity, and users can turn off scanning in the privacy section of the advanced settings menu.
It includes four Google LastPass trackers that handle analytics and bug reporting, plus a tracker from a company called Segment that collects data for the marketing team.
Cookz analyzed the data sent and found that it contained information about the make and model of the smartphone, as well as information about whether the user had activated the biometric security feature.
According to security researchers, only third-party code integration creates potential security vulnerabilities, even if the data sent in person cannot be determined.
He wrote, "If you use LastPass, I recommend changing the password manager, and some solutions do not permanently send data to third parties or record user behavior."
LastPass isn't the only password manager with this type of tracker, but there appears to be more than that than many of its popular competitors.
According to Exodus, the free Bitwarden alternative only has a tracker. This is a review of the privacy of Android apps while RoboForm and Dashlane have four while 1Password has none.
The report comes after LastPass announced that it will drastically reduce its sites in the free plan, and the change will take effect on March 16th.
Although Free Plan users currently have unlimited password storage space between devices, there are no restrictions, but they will soon have to choose a device to view and manage passwords from cell phones or computers unless they want to pay for the service.