Despite the recent planner craze, most people today rely on digital calendars, especially at work. We even use special digital calendars to track health information – we’ll put anything into a calendar app if it will help us manage our overburdened lives. Early in September, however, Google disclosed that there had been a long-running security problem with their calendar app, leaving users vulnerable to spam and credential theft, among other issues. The problem dates back to at least 2017, and the company knew about it, but didn’t want to fix it because it would compromise the program’s functionality. In other words, security took a backseat to convenience.
Given Google’s nonchalance about user security, as well as the ways other calendar companies have left user data exposed, it’s time for users to evaluate how much data we entrust to our calendars. While a great calendar can help you get things done and prioritize tasks, we all need to pay attention to the terms and conditions, security settings, and linked tools before loading our whole lives into any app.
The Security Landscape
In addition to the long-running security flaw in the Google calendar mentioned above, Google has recently been forced to contend with another issue: a flood of spam calendar invited. This is a newer issue, but a decidedly annoying and concerning one. Much like spam emails, spam calendar invites come from fake accounts and often contain links to phishing websites. Unfortunately, it’s hard to prevent these types of emails, as they rely on the same mechanism that allows coworkers and friends to send event invitations. Better spam filters could help, but the current algorithm isn’t designed to deal with calendar invites.
Though all Google calendar users are vulnerable to hacks, iPhone users have been targeted more than Android users. Hackers plant exploit code in certain websites that can collect passwords from the phone’s keychain, their Gmail contacts, chat histories from WhatsApp, iMessage, and Telegram, and more. It’s enough for hackers to infiltrate a variety of user accounts, and calendars are no exception.
It’s not just Google’s calendar app that’s guilty of leaking user information; some of the popular health trackers have done the same thing. This has led to what some refer to has “menstrual surveillance” – the exploitation of women’s reproductive data for profit. This type of data leak may not seem as compromising as having all of your meetings and responsibilities leaked, but at a time when reproductive health is a contentious political issue, this type of information could be used to limit women’s access to medical care.
How Much Should Your Calendar Know?
Faced with these complicated security concerns, how much do we want our calendars to know and how can we balance our need for organization with our desire for privacy? Particularly in professional contexts, most people want their calendars to be clear and intuitive – and, most importantly, we load them with information to guide us through the associated projects and meetings. That’s why Google’s calendar program is so popular and the program can be made even more powerful using a calendar analytics extension. These programs can identify the time zones of various participants, simplify scheduling, and help users evaluate how they currently use their time and how they can streamline their workflow.
Calendar users should also stay abreast of updates to their software of choice. For example, if you plug a vacation into your Google calendar, coworkers may be alerted that you’re going to out of office before sending you an email. Is that creepy or useful? People’s responses vary, but you should know it’s happening. By preempting the typical “Out of Office” message, Google is trying to save users time, but instead it may just come off as an invasion of privacy. No one is losing that much time to “Out of Office” emails.
Does Microsoft’s Outlook do any better at protecting user privacy? It depends what third-party apps you connect it to, but generally speaking, your data is equally vulnerable across calendar programs. That being said, we don’t typically put the most important information into our calendars – it’s a bare bones tool for managing tasks and setting priorities. What really needs protecting is the personal data behind the calendar. Calendars need strong security because they’re linked to emails and passwords, not because your work meetings are fascinating to the hackers behind these attacks.
When choosing a calendar tool, the most important factor is compatibility – within your office, with other applications, and with your professional needs – not so much security. As for your data, with any hope the scandal surrounding Apple’s extended security lapse will push the company and its competitors to do better. Calendar security may not be taken as seriously as that surrounding banking apps, email, or healthcare content, but the more information we load into our calendars, the more we need to protect the information therein.