The Exodus report on LastPass shows seven trackers in the Android app, including four from Google for the purpose of analytics and crash reporting, as well as others from AppsFlyer, MixPanel, and Segment. Segment gathers data for marketing teams and claims to offer a "single view of the customer", profiling users and connecting their activity across different platforms.
LastPass has many free users – is it a problem if the company seeks to monetise them in some way? Kuketz said it is. Typically, the way trackers like this work is that the developer compiles code from the tracking provider into their application. Even the app developers do not know what data is collected and transmitted to the third-party providers, said Kuketz, and the integration of proprietary code could introduce security risks and unexpected behaviour, as well as being a privacy risk. These things do not belong in password managers, which are security-critical, he said.
The article below does give guidance though on how to disable it, although the code remains in the app.
See 1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?
Third-party code in security-critical apps is obviously suboptimal, but company says you can opt out