OLD:
Application vetting services could look for android.permission.READ_CALENDAR or android.permission.WRITE_CALENDAR in an Android application’s manifest, or NSCalendarsUsageDescription in an iOS application’s Info.plist file. Most applications do not need calendar access, so extra scrutiny could be applied to those that request it.
On both Android and iOS, the user can manage which applications have permission to access calendar information through the device settings screen, revoke the permission if necessary.
NEW:
A defender observes an Android application requesting for android.permission.READ_CALENDAR or android.permission.WRITE_CALENDAR, which may also be listed in the application’s Manifest.
| Data Component | Name | Channel |
|---|---|---|
| OS API Execution (DC0021) | android:logcat | Invocation of Calendar.set() and Calendar.add() |
| Application Permission (DC0114) | android:MDMLog | Application granted or retaining the READ_CALENDAR or WRITE_CALENDAR permissions. |
Application vetting services could look for android.permission.READ_CALENDAR or android.permission.WRITE_CALENDAR in an Android application’s manifest, or NSCalendarsUsageDescription in an iOS application’s Info.plist file. Most applications do not need calendar access, so extra scrutiny could be applied to those that request it.
On both Android and iOS, the user can manage which applications have permission to access calendar information through the device settings screen, revoke the permission if necessary.
| Data Component | Name | Channel |
|---|---|---|
| Application Permission (DC0114) | Application Vetting | None |
| System Settings (DC0118) | User Interface | None |