Security Researchers Find Seven Trackers in LastPass Password Manager’s Android App

Last Updated: June 1, 2021

It is not unusual to hear of apps being infected with trackers these days. One common reason for this is the premium placed on data. Actors, ranging from advertising companies to even cybercriminals, increasingly search for ways to collate and use data. While people are usually quick to identify and block trackers on other apps, they are not so conscientious regarding password managers. This is because password managers are supposed to be beacons of privacy. Thus, it becomes even more disturbing to discover that some password managers actually expose their users’ privacy by allowing trackers on their apps.

What is LastPass?

LastPass is a password manager that allows users to generate, store and easily retrieve passwords and usernames. Some of the benefits of LastPass are that it is a convenient, time-saving, and more secure way to store usernames and passwords. Rather than storing such information on a notebook, LastPass offers you a virtual alternative that is better.

The general idea behind password managers is that they help users store their passwords. The route through which they achieve this, however, differs from one app to the other. For LastPass, all passwords are stored in a virtual vault. The user alone has the master password which opens the vault.

LastPass locks up the passwords and stores them on a server. This, as stated earlier, can only be accessed with the master password. The company itself does not even have access to this password or the content of the cloud storage. This means that if the user loses their master password, they will be unable to have access to their vault forever.

LastPass is available for most device types. Hence, you can download and use LastPass on Android, iOS, macOS, Linux, and other devices. It also offers extensions for chrome.

Features of LastPass

Some of the unique features of LastPass include:

1. Automatic Generation of Passwords

LastPass enables you to create new and secure passwords for your online accounts easily. Say, for instance, you want to change your Facebook or Instagram password; you need not worry about coming up with one that is impenetrable. Locate and tap the “Auto Change Password” on your LastPass app and LastPass will change and store the password securely for you.

2. Credit Card Details Storage

You can safely upload your credit card information and other sensitive data to the LastPass platform. It has forms for storing information relating to credit cards, insurance information, etc. You can even take a step further to store pictures of these items too. You can easily retrieve such data when you need to.

3. Password Sharing

You can share passwords between devices, whether yours or with someone else. For instance, if you need to send your password to someone, you could securely do that on the platform. Also, if you are severely incapacitated, a trusted person can gain access and retrieve your password.

7 Trackers Discovered on the LastPass App

Ordinarily, LastPass has one of the best features for any password manager. These features ought to incentivize users to go along with their offers. However, it was recently discovered that the Android version of the password manager comes embedded with 7 trackers. That certainly would impact the level of trust users have for the app.

Problems perhaps started when LastPass announced that it was severely limiting its free offering. However, even more startling revelations revealed that the app might have been compromising its users’ securities with the presence of such trackers.

The discovery comes on the heels of intense research carried out by journalist Mike Kuketz. Of the 7 trackers discovered, 4 were from Google. These Google trackers actually handle analytics and crash reporting. Another belonged to a company known as Segment and gathers data used for marketing. There is no identifying information about the source of the other two trackers.

Kuketz revealed that there was no evidence that these trackers actually transfer users’ passwords to third parties. An analysis of the data the trackers access shows that they transmit details about the user’s phone make and model. Furthermore, they also relay information about whether the user makes use of biometric security. Even though these may not amount to specific data breaches, their presence is nonetheless disconcerting, especially for an app that is supposed to protect its users’ privacy. More so, the presence of third parties increases the potentials for infiltration and break-ins. It is doubtful whether users would have gone ahead with the app in the first place if they were aware of this fact from the start.

A spokesperson from LastPass has attempted to clarify the presence of the trackers on its apps. It stated that no sensitive or identifiable personal information of the users is tracked. They further stated that the data generated is to improve the functionalities of the apps. Finally, users can opt out of the analytics whenever they want, the spokesperson stated.

An Alternative App to LastPass

It is understandable if any user wants to make a U-turn based on the recent revelations concerning LastPass. In that case, a viable alternative is 1Password. 1Password has rivalled LastPass for a long time. Both password managers have similar functionalities, providing a safe space for the password and usernames of users. Even more so, it was included in the research, and the result showed that it had no embedded trackers.

Conclusion

The discovery that the LastPass password manager has embedded trackers is certainly a letdown. However, users can easily opt out of the analytics by altering the app’s settings. Alternatively, any such user can explore the alternative to LastPass.