German security firm, Exodus has conducted an extensive investigation on the password manager application LastPass where it found that the service collects and sends personal information of subscribers using the Android app. LastPass is able to get this done with the help of seven different built-in trackers.
There is of course the opportunity to opt-out of those trackers but the existence of the built-in software itself cold be a potential security risk for its users. The trackers collect data such as device information, mobile operator, the type of LastPass account and the Google Advertising ID used to connect user data across other apps and platforms.
Four of those trackers are for Google analytics and crash reports while the rest are serving info to AppsFlyer, MixPanel and Segment with the latter specializing in user profiling and targeting ads.
A spokesperson for LastPass made it known that all of the trackers serve to improve the user’s experience and also promises they don’t send out sensitive user information.
And in case you don’t want those trackers on your phone, you can disable them by heading to the Privacy sub-menu in the app and turn them off.
