LastPass in privacy hot seat over web trackersFebruary 26, 2021
‘ slate of web trackers is in the spotlight after a security researcher recommended switching away from the password manager based on the findings of a well-known privacy advocacy app. The analysis follows LastPass’ recently announced , which will become effective in March.
The Exodus Privacy app, developed by the Guardian Project to document the number of trackers and permissions other apps use, discovered seven web trackers in the Android version of LastPass. Highlighting the findings in an analysis published Thursday, German security researcher Mike Kuketz recommended users move away from the password manager in favor of one without trackers.
The web trackers on LastPass include those from Google Analytics, AppsFlyer and Mixpanel. While LastPass’ password encryption normally protects your passwords from being viewed by any tracker or site, these trackers let third-party companies collectof the sites you visit.
“These trackers are industry standard mobile analytics tools and are used for a limited purpose — to collect aggregated statistical data about how LastPass is used to help us improve and optimize the product to deliver the best user experience,” LastPass said in a public statement.
The company also said it is continuously reviewing its existing processes to prioritize customer privacy and security. In his analysis, however, Kuketz said he was unable to opt out of sharing data with LastPass’ trackers.