LastPass password managing app accused of tracking user information; company denies
The Exodus report states that although LastPass asks you to give permission for these trackers, the fact that these exist in the first place is something of concern for users.
It looks like LastPass, the password managing software that several of us use everyday to keep passwords of websites safe, is not as secure as we think. According to a research by a German security firm, Exodus, LastPass is found to collect and send personal information of subscribers using the Android app. And this is said to be done using seven built-in trackers.
The Exodus report (via GSMArena) states that although LastPass asks you to give permission for these trackers, the fact that these exist in the first place is something of concern for users.As per mentioned in the research, the tracker is said to collect personal data including device information, mobile operator, the type of LastPass account and the Google Advertising ID.
Out of these seven trackers mentioned in the blog post, four are for Google analytics and crash reports, while the other four are seen serving AppsFlyer, MixPanel and Segment. It is worth adding that Segment specialises in collecting analytics data across any platform.
However, LastPass is aware of it and says that these trackers exist to improve your experience. The spokesperson also promises that LastPass doesn't share user data with anyone else.
"No sensitive personally identifiable user data or vault activity could be passed through these trackers," The Register said a LastPass spokesperson replied. "These trackers collect limited aggregated statistical data about how you use LastPass which is used to help us improve and optimize the product."
So, if you are a lastPass user and don't want these trackers, on your phone you can disable them by visiting the Privacy sub-menu in the app and switching them off.