LastPass has been making the headlines recently for a big change it implemented in the free version of its password manager. Now the company is under scrutiny after it was discovered the LastPass Android app contains seven trackers.
The seven trackers found are as follows:
All of the Google trackers are for analytics and crash reporting, but MixPanel and Segment also cover user profiling and advertisements. So as you use the LastPass app, data is being gathered for marketing purposes and a profile of the user is constructed. This isn’t uncommon for apps to do, but LastPass is a password manager and therefore demands a high level of trust from its user base.
When The Register asked LastPass about the existence of these trackers, a spokesperson responded by explaining,
“No sensitive personally identifiable user data or vault activity could be passed through these trackers. These trackers collect limited aggregated statistical data about how you use LastPass which is used to help us improve and optimize the product.”
“All LastPass users, regardless of browser or device, are given the option to opt-out of these analytics in their LastPass Privacy Settings, located in their account here: Account Settings > Show Advanced Settings > Privacy. We are continuously reviewing our existing processes and working to make them better to comply, and exceed, the requirements of current applicable data protection standards.”
While it’s good to see you can disable the trackers in settings, it’s always disappointing to have them presented as opt-out features rather than opt-in. And if the changes to the free version of LastPass weren’t enough of a nudge to get you to consider switching, perhaps the fact you are being tracked and profiled is. There are a number of alternatives password managers available that are free of such trackers.