T1636.001 Calendar Entries
Adversaries may utilize standard operating system APIs to gather calendar entry data. On Android, this can be accomplished using the Calendar Content Provider. On iOS, this can be accomplished using the
If the device has been jailbroken or rooted, an adversary may be able to access Calendar Entries without the user’s knowledge or approval.
|T1636.001, T1636.002, T1636.003, T1636.004
|01 April 2022
|16 March 2023
|Exodus Two can exfiltrate calendar events.5
|FlexiSpy can collect the device calendars.1
|Monokle can retrieve calendar event information including the event name, when and where it is taking place, and the description.3
|Pegasus for Android
|Pegasus for Android accesses calendar entries.4
|Stealth Mango uploads calendar events and reminders.2
|Calendar access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their device calendar.