After LastPass implemented a big change in the free version of the app's password manager, the company is under scrutiny.
The company claimed that all app users have the option to opt-out of these analytics regardless of browser of the device. Image: LastPass
After LastPass implemented a big change in the free version of the app’s password manager, the company is under scrutiny. It has been found that the Android app of LastPass contains as many as seven trackers. According to reports, tester Mike Kuketz decided to check the app with the help of Exodus- an Android privacy audit platform and it was during this check, the seven trackers in the LastPass app were discovered.
These seven trackers include Google Analytics, AppsFlyer, Google Firebase Analytics, Google CrashLytics, Google Tag Manager, MixPanel and Segment. It has been noted that these Google trackers are being used for analytics as well as crash reporting, however, MixPanel and Segment are platforms that can utilise data via user profiling and advertisements. Usually, data collection is not uncommon for apps but LastPass, being a password manager, is expected to be different. In such cases, a high level of trust is demanded and therefore, LastPass is being criticised.
Commenting on the existence of such trackers, the company spokesperson has explained that these trackers are only able to collect aggregated statistical data which is limited and it only discloses how LastPass is used that allows the company to optimise the product and work on improvements. “No sensitive personally identifiable user data or vault activity could be passed through these trackers,” the spokesperson said (via The Register).
Further, the company claimed that all app users have the option to opt-out of these analytics regardless of browser of the device. In order to disable the analytics, users can go to the Privacy Settings page and opt out of it. “We are continuously reviewing our existing processes and working to make them better to comply, and exceed, the requirements of current applicable data protection standards,” the company said.