To be fair, it’s worth noting that the majority (all?) of the flaws were found around organization management, SSO, vault sharing and compatibility features. All of which severely expand the attack surface of any password manager, and hence should be avoided like a plague.

Also worth noting that the actual whitepaper (also linked in the article) is much better written than the article, and it was an interesting and easily understandable read. Give it a go.

And thanks for sharing!

Yes, for small, especially non-IT businesses, it’s really hard. But thank you again for the article, I think we might (unfortunately) need such setup for different other things in the near future too.

There’s only one thing you can do: stop using it, stop giving them [an opportunity to use your data for] money. Everything other solution is mediocre at best. Thanks for sharing, though.

Thankfully, this particular kind of tracking can be reduced practically to 0 with good informational hygiene: don’t give location permissions to crappy apps. Basically, don’t give it to any app (yes, google apps included), unless you’re absolutely sure this app doesn’t spy on you — or even better — doesn’t have internet access at all. Make it a rule: an app should either access internet or access your location, but never both.