Google Calendar Security Flaw Causes Private Calendar Event Leaks

January 23, 2014 - Written By Patrick Northcraft


Names are very important, but in the world of the Google Calendar, which is becoming more convenient every day, they might just make things a heck of a lot more awkward very quickly.  It turns out, the way you name your event could in fact open it up to being viewed by others, without you even knowing.  When using the calendar, it is possible to allow others to see notifications for an upcoming event.  Google has been the subject to many privacy concerns, but they’ve stayed true to their guns.  While this may have some limited practical uses, it is more likely to cause problems.  If you are using the calendar on the web and you type in a Gmail address in the subject line, the user of that Gmail will have the event added to their calendar.  For example, if you put a reminder on the calendar that says ’email about runaway puppy’, that event will pop up on their calendar as well.  However, it will not be an email notification, rather just a meeting reminder pop up.  If you do this via the Android app, this issue will not occur; it happens solely with calendar online.  Only some non-Gmail addresses will see the actual meetings in their calendar, but when you delete an item like this, the cancellation notification is emailed whether or not the person received the initial invitation.

I can see what Google tried to do.  They wanted to make it easier for people to let others know about their upcoming events, perhaps even make it so you could put an event onto a forgetful friend’s calendar for them.  However, just because we are attempting to talk about someone does not mean we want to speak to someone.  Google formally disclosed this privacy issue on January 6, 2014, and almost two weeks later released a statement, view-able at the source listed below, that they do not deem this as a major security issue.  While they may be correct that the problem is more likely to cause personal annoyances rather than a security breach, the fact remains that Google is being rather open with what should be a private source of information.  What do you think?  Is Google stepping over the proverbial line?  Or is it perfectly alright for them to do this?  Let us know in the comments!

Via:  The Verge , Source:  Terence Eden’s Blog