Access Calendar Entries

An adversary could call standard operating system APIs from a malicious application to gather calendar entry data, or with escalated privileges could directly access files containing calendar data.

ID: T1435

Tactic Type:  Post-Adversary Device Access

Tactic: Collection

Platform:  Android, iOS

MTC ID:  APP-13

Version: 1.0

Mitigations

Mitigation Description
Application Vetting On Android, accessing device calendar data requires that the app hold the READ_CALENDAR permission. Apps that request this permission could be closely scrutinized to ensure that the request is appropriate. On iOS, the app vetting process can determine whether apps access device calendar data, with extra scrutiny applied to any that do so.

Examples

Name Description
Pegasus for Android

Pegasus for Android accesses calendar entries.[1]

Stealth Mango

Stealth Mango uploads calendar events and reminders.[2]

Detection

On both Android (6.0 and up) and iOS, the user can view which applications have permission to access calendar information through the device settings screen, and the user can choose to revoke the permissions.

References