When you’re using a password manager app, one major concern would be privacy and security. After all, you are entrusting all your passwords to a single app and so it should be trustworthy and secure. LastPass used to be a pretty popular password manager but its recent announcement changing how the free offering will operate has suddenly made it pretty unpopular. And now it looks like a new security report will make it even more unpopular as security experts say the app has not one but seven embedded trackers that you won’t see in most other password managers.
German security researcher Mike Kuketz says that there are seven trackers detected in the LastPass Android app. While four of those are Google-owned, making them slightly more secure, the other three are lesser-known trackers. This means they may pose as a security liability since most of the time, developers are not aware of how data is processed by the service provider. LastPass has assured users that no sensitive personally identifiable user data and activity are accessed by the said trackers.
It’s not unusual for mobile apps to have embedded trackers, although most of them say they use this to improve their services. A lot of the trackers that these apps add are from established ones like Google and so the responsibility is transferred to these third parties. The problem comes when apps don’t inform their users that they are embedding such things, especially if your app is meant for security and privacy.
LastPass got into hot water with its users when they announced that Free users will soon have to choose between accessing their password manager either on their mobile device or on their computer. Of course if you want to keep your access on all devices, you’ll have to subscribe to a Premium plan at a rate $2.25 per month only for those switching from free to paid (normally it’s $3 per month).
The Register notes that rivals 1Password and KeePass does not have any of these embedded trackers so that’s a minus point for LastPass. Of course they’re probably not the only ones that have trackers but it is pretty bad timing for them given the recent “controversy”.