In version 6.21.0.11584 of the LastPass app, the presence of four trackers and 29 permissions has raised concerns regarding user privacy and security. A report dated December 12, 2024, reveals the application utilizes the following trackers:
- Google CrashLytics: A tool for logging crashes,
- Google Firebase Analytics: An analytics service,
- Pendo: An analytics platform,
- Segment: A profiling and analytics platform.
Trackers are software modules designed to collect data about users and their activities, which can be troubling, particularly when data collection lacks transparency.
The app also requests 29 permissions, including the following:
- ACCESS_NETWORK_STATE: Access to network connection information,
- RECORD_AUDIO: Permission to record audio,
- SYSTEM_ALERT_WINDOW: Ability to overlay content over other apps,
- USE_BIOMETRIC and USE_FINGERPRINT: Access to biometric hardware,
- NFC: Management of NFC functionality,
- POST_NOTIFICATIONS: Sending notifications,
- QUERY_ALL_PACKAGES: Access to data about all installed apps.
Some permissions are classified as “Dangerous” or “Special” under Google’s security system, indicating potential access to critical device functions and necessitating heightened attention to the possible implications for privacy.
It is important to note that the report is based on a static analysis of the APK file, meaning it does not guarantee the actual activity of trackers within the application. Additionally, the app may contain unidentified trackers. Furthermore, there is no available information regarding X.509 certification, which could be another indicator warranting further security scrutiny.
Users concerned about privacy are advised to explore alternative applications. For those with doubts, contacting the developer for additional clarification is recommended.
