Kuketz did not suggest that actual passwords or usernames are transmitted, but did note the absence of any opt-out dialogs, or information for the user about the data being sent to third parties. During use, the data also shows when new passwords are created and what type they are. He found that this included details about the device being used, the mobile operator, the type of LastPass account, the Google Advertising ID (which can connect data about the user across different apps). Kuketz also investigated what data is transmitted by inspecting the network traffic. These things do not belong in password managers, which are security-critical, he said. Even the app developers do not know what data is collected and transmitted to the third-party providers, said Kuketz, and the integration of proprietary code could introduce security risks and unexpected behaviour, as well as being a privacy risk.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |