A security researcher is recommending against LastPass password manager after detailing seven trackers found in the Android app, The Register reports. Although there is no suggestion that the trackers, which were analyzed by researcher Mike Kuketz, are transferring a user’s actual passwords or usernames, Kuketz says their presence is bad practice for a security-critical app handling such sensitive information.

https://www.theverge.com/2021/2/26/22302709/lastpass-android-app-trackers-security-research-privacy

Responding to the report, a spokesperson from LastPass says the company gathers limited data “about how LastPass is used” to help it “improve and optimize the product.” Importantly, LastPass tells The Register that “no sensitive personally identifiable user data or vault activity could be passed through these trackers.” They added that users can opt out of the analytics. On the LastPass web interface the option is located in the LastPass Privacy settings, accessible via “Account Settings > Show Advanced Settings > Privacy,” the spokesperson said.

LastPass was acquired by LogMeIn in October 2015. LogMeIn was sold in August 2020 to Francisco Partners and Evergreen Coast Capital Corp., which is a private equity affiliate of Elliot Management Corp, one of the largest activist funds in the world.

John Carter Sr.