DET0674 Detection of Calendar Entries

Item Value
ID DET0674
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1636.001 (Calendar Entries)

Analytics

Android

AN1774

Application vetting services could look for android.permission.READ_CALENDAR or android.permission.WRITE_CALENDAR in an Android application’s manifest, or NSCalendarsUsageDescription in an iOS application’s Info.plist file. Most applications do not need calendar access, so extra scrutiny could be applied to those that request it. On both Android and iOS, the user can manage which applications have permission to access calendar information through the device settings screen and revoke the permission if necessary.

Log Sources
Data Component | Name | Channel
Permissions Requests (DC0114) | Application Vetting | None
System Settings (DC0118) | User Interface | None

Mutable Elements
Field Description

iOS

AN1775

Application vetting services could look for android.permission.READ_CALENDAR or android.permission.WRITE_CALENDAR in an Android application’s manifest, or NSCalendarsUsageDescription in an iOS application’s Info.plist file. Most applications do not need calendar access, so extra scrutiny could be applied to those that request it. On both Android and iOS, the user can manage which applications have permission to access calendar information through the device settings screen and revoke the permission if necessary.

Log Sources
Data Component | Name | Channel
Permissions Requests (DC0114) | Application Vetting | None
System Settings (DC0118) | User Interface | None

Mutable Elements
Field Description