A change in LastPass’s recent policy on coordination between computers and mobile devices – now only for premium customers – has been leaked to users, particularly to Bitvarden.
Following an analysis by Mike Kuketz via Exodus, the publisher now has to deal with the discovery of seven trackers in its Android app.
Four are from Google and are used for error reports and technical indicator feedback, the other three come from AppsFlyer, MixPanel and Segment. These are mainly used for user profiling, largely for advertising purposes.
Problematic usage as part of the password manager. Integration of trackers suppresses the compilation of third party code, over which the corresponding editor does not control. For Kooketz, these are additional security risks, particularly for applications handling such sensitive data.
The security researcher specifies that BitWarden integrates two trackers, one for Firebase (Google)-related indicators, the other for Visual Studio crash reports. And others? Dashlane includes Char, 1Password and KeePass.
For LastPass, no problem: ” Personally identifiable sensitive data or activity in the vault cannot pass through these trackers. They only collect limited statistical data on how you use LastPass, which allows us to improve and optimize the product. »
The publisher adds that this archive can be truncated to the account’s advanced settings, and its processes are constantly modified. One way to indicate that in the event of a very large scam or quick user leak, the situation may change.