User blog:CharCharChar/PTM Privacy Risks

Note: this is part of a series of article annotations on Personal Task Management (PTM). If you have questions or constructive criticism or suggestions for further research please comment :D

Azfar Choo and Liu (2017) looked at the data created by personal task management apps and saved on your device's internal memory - which means it could be extracted if your device was stolen. Many personal task management apps store the time and location a task is created and keep completed or deleted tasks.

Habitica, which was not included in this study, has the Habitica Official User Data Display Tool. It seems user data is stored on Habitica's servers, but you must have the correct User ID and API token to access your data.

On my iPhone Habitica is using 43.9MB of the device's storage - 10.9 MB of which is documents and data. On my android device, total storage is 46.55 MB with 1.64 MB for data and 4.4 MB for "cache".

The cache is for images the app wants to pull up quickly. This probably includes my avatar and the header graphics. The data could just be my preferences like cron, but it probably also has some task history. When I open Habitica on my phone I often see the tasks as they were the last time I opened my phone, then I drag down to refresh and see the up-to-date synced tasks. This implies to me that my phone's internal memory takes snapshots, at the very least, of my tasks.

The Habitica User Data Display Tool shows the date and time habits were completed. No location data is seen through the display tool, but that isn't a guarantee that data isn't collected. I didn't read the Habitica privacy or security policies when I joined a year ago. I'm inspired to search the wiki!

Azfar, A., Choo, K. R., & Liu, L. (2017). Forensic taxonomy of android productivity apps. Multimedia Tools and Applications, 76(3), 3313-3341. DOI 10.1007/s11042-016-3718-2