LastPass uses a lot more trackers than other password managers, according to a new study. The company itself nuances this by stating that the trackers do not pass on overly sensitive data.
LastPass’s Android app contains seven trackers, says an analysis by Exodus, a nonprofit that analyzes app tracking. German security researcher Mike Kuketz elaborated on this and looked at what such trackers do.
His research shows four trackers come from Google itself (Analytics, CrashLytics, Firebase Analytics and Tag Manager). The other three are AppsFlyer, Mixpanel and Segment.
Segment collects data for marketing purposes and, according to Kuketz, LastPass itself does not know with certainty which data it sends to third parties in that way. “For an app that makes compassionate data available, it is simply an offer of weakness,” he writes. “It’s completely out of the question to integrate this into password managers.”
In principle, passwords themselves are not forwarded but include the time when a password is created and what type of password it is.
The Register notes that LastPass is doing a lot worse than competitors. Both 1Password and KeePass do not use trackers. Bitwarden uses two (Google Firebase and Microsoft Visual Studio crash reporting), Dashlane uses four.
Meanwhile, LastPass responded to the site to emphasize that no sensitive personally identifiable user data or vault activity is passed through the trackers. It would only be about statistical data on how people use LastPass.
The password manager has been a free excellent manager for many years. But last week, LastPass also received a lot of criticism from users because the company drastically restricts the free version so that it can no longer be used on both PC and smartphone. Users who still want to do so must now take out a paying subscription. However, that is now three times more expensive than a few years ago.