Spam messages are no longer news to Gmail users. But when email messages are hijacked to create fictitious events in the Calendar app, it’s safe to say the problem becomes serious.
It’s all Google’s fault, as the American company has developed the very tools now used by spammers. Specifically, they use specially formulated good Gmail messages to automatically save events in the Calendar app. Users are then confronted with advertising messages appearing as notifications for events saved in Calendar.
Initially, the auto-generate event alerts feature was introduced as a way to help users who use Gmail for service purposes. For example, to automate alerts for meetings or appointments that you might otherwise miss, being too busy with other work-related activities. The problem is that that functionality hasn’t been restricted enough, for example, to be available only to certain trusted contacts. Instead, anyone can send messages to Gmail accounts, specifying in text form the saving of events in the pre-installed Calendar app on Android an phones.
Reacting to combat this phenomenon, Google last year added an anti-spam setting to the Calendar app. Found under Menu -> Settings -> General -> Adding Invitations -> Add invitations to my calendar, the setting allows you to restrict automatic saving of events from From everyone to Only if the sender is known, or, When I respond to the invitation in email. Although very useful, the setting has not been automatically changed to one of the “safe” options, leaving users who don’t know about it to deal with it as best they can.
Predictably, the lack of initiative on Google’s part has allowed spam abuse via the Calendar app to escalate. Eventually, it looks like Google will update the mobile app by default ticking the Only if the sender is known option, ensuring that Calendar records can still only be automatically saved for requests received from contacts with whom it has already interacted. For example good if you replied to a message containing an invitation to an event.