Skip to content

T1435 Access Calendar Entries

An adversary could call standard operating system APIs from a malicious application to gather calendar entry data, or with escalated privileges could directly access files containing calendar data.

Item Value
ID T1435
Tactics TA0035
Platforms Android, iOS
Version 1.0
Created 25 October 2017
Last Modified 17 October 2018

Procedure Examples

ID Name Description
S0405 Exodus Exodus Two can exfiltrate calendar events.4
S0408 FlexiSpy FlexiSpy can collect the device calendars.1
S0407 Monokle Monokle can retrieve calendar event information including the event name, when and where it is taking place, and the description.5
S0316 Pegasus for Android Pegasus for Android accesses calendar entries.2
S0328 Stealth Mango Stealth Mango uploads calendar events and reminders.3


ID Mitigation Description
M1005 Application Vetting On Android, accessing device calendar data requires that the app hold the READ_CALENDAR permission. Apps that request this permission could be closely scrutinized to ensure that the request is appropriate. On iOS, the app vetting process can determine whether apps access device calendar data, with extra scrutiny applied to any that do so.


Back to top