Articles LastPass for Android found seven built-in trackers

LastPass for Android found seven built-in trackers


German cybersecurity expert Mike Kuketz noticed that there are seven trackers in the LastPass app for Android that monitor users.

The researcher builds his findings on the report of the non-profit organization Exodus , which is described as an initiative “led by hacktivists, the goal of which is to help people understand the problems of tracking in Android applications.”

Seven trackers were found in the password manager, including four from Google that collect data for analytics and crash reporting, as well as AppsFlyer, MixPanel and Segment. For example, the latter collects information for marketing teams, and its developers write that the tool offers to create a “single view of the customer” by profiling users and linking together their actions on different platforms (presumably to personalize ads).

Kuketz believes that in this way the developers of LastPass seek to monetize the huge number of free users of their application. At the same time, the researcher warns that often application developers do not know at all what data trackers collect and what they transfer to third parties. As a result, integrating someone else’s proprietary code into an application can be dangerous and can lead to data leakage. According to the expert, there is no place for such trackers in a password manager, whose security is extremely important.

According to the expert, LastPass transmits to the side information about the device used, the carrier, the type of the LastPass account, the Google advertising ID (which can be used to link user data from different applications). In addition, trackers “know” when a user creates new passwords and what type they are.

As a result, Kuketz comes to the conclusion that instead of LastPass, it is better to use other password managers, for example, the open source KeePass. The fact is that, according to Exodus, there are no trackers at all in either the KeePass code or the 1Password code. In the open source Bitwarden code, you can find two “beacons”: analytic Google Firebase and Microsoft Visual Studio crash reporting, and four were found in the Dashlane code.

LastPass representatives have already assured the media that using the detected trackers it is impossible to transfer confidential user data, and their storage is also safe. It is emphasized that trackers only collect statistical information about the use of the application, which is used to improve and optimize the product. In addition, you can opt out of collecting analytics in the settings.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you