Accessing your Google Calendar (and contacts and tasks) from your smartphone in a somewhat private way

Say, for instance, that your employer in its great wisdom has decided to use Google’s Google Apps for, among other things, employees and company calendar.

Say, for instance, that you don’t want to let Google have full view and control over your phone, even if you run Android.

You might, for a start, not connect a Google account to your phone.

Or better, you might instead run an Android-based system on your phone (such as GrapheneOS or LineageOS) and not install the Google services on your phone

But having the reminders pop-up on your phone is very, very convenient and to connect to your Calendar you’re supposed to add a Google account to your phone.

What to do?

Fortunately, you can combine DAVx? with Orbot to access your calendar without setting up a full Google account on your phone.

Here’s how.

Short version

  • Configure DAVx5 to use Orbot’s HTTP proxy
  • Add a DAVx? account with url <https://www.google.com/calendar/dav/<emailaddress>/events>, login <emailaddress> and an application password you’ve generated in your Google account for password .
  • Check the Google calendar is synchronising and that your calendar app is displaying it.

Longer version

On the Google side

Create a an “App Password”, separate from your usual Google account password. The Google documentation on this is good.

Essentially: go to your Google account > Settings > Security, “Signing in to Google” section > App Passwords.

Generate a new password. I called my app “Dav on Android”.

Write the password down (in a password manager, ideally).

That’s it.

On the Android side

These steps come from the DAVx? documentation which is helpful and to the point

Connecting privately to the Google servers: we’ll connect via Tor using Orbot

Install Orbot. You can install it from F-droid.

Ensure Orbot is offering an HTTP proxy (for local apps to connect through to Tor): Settings > `Debug: Tor HTTP`.

Recent versions of Orbot will even show you the port on which the proxy is offered on the app’s main screen (it’s often 8118, but it can be different if you have multiple Tor apps on your phone running at the same time. It was 8119 in my case).

Calendar access: we’ll use the CalDav protool using DAVx?

Install DAVx?. You can install it from F-droid.

Tell DAVx? to connect to the Internet using Tor.

Settings > tick `Override proxy settings` and set `HTTP proxy host name` to `localhost` and `HTTP proxy port` to `8118` (or the port that appears on Orbot’s main screen, it was 8119 in my case, as mentioned above)

Go back to DAVx?’s main screen and click the “+” to add an account.

Choose “Login with URL and user name” and enter the following:

– Base URL: `https://www.google.com/calendar/dav/<youremailaddress>/events`

– User name: <youremailaddress>

– Password: <the app password you generated in step 1>


DAVx? should log in, find your stuff and offer to synchronise calendars, contacts and tasks.

You can choose what to sync. I chose to only sync the calendar (i’m not sure contacts would even work considering my company uses an LDAP directory and i don’t know how that’s connected to Google’s “contacts” feature. As for tasks. i use taskwarrior and sync that in a different way).

The last step is then to go into your phone’s calendar app and check the Google calendar is selected both for syncing and displaying.

Result

Your phone will now have access to your Google calendar, using your normal user login and a specific password (which you can revocate if your phone gets lost or stolen).

Google should only see you make the requests for the calendar from Tor and thus not know where you are requesting this from.

Bear in mind that further correlation between the IP addresses you are accessing Google-related resources from (say, from your laptop) will probably make it possible to determine where you are, even if your phone is not giving that information away.

But this means you can at least not worry too much about your phone pinging your IP and thus your general geographical area to Google all the time.

Alternative route

Depending on how your Google apps admin has set up things, you may or may not have a “private address” you can use to access your calendar (read only).

Unfortunately, as of writing (Sept 2019), ICSx? (DAVx?’s webcal/ical sister app’) does not have a setting to set it up to use proxy. If you have a rooted phone you can tell Orbot to force apps to connect via Tor and tell it to put ICSx? in that list.

In this case, add the Google calendar “private address” to ICSx? and ask Orbot to force ICSx? to connect to the Internet via Tor.

Leave a Reply

Your email address will not be published. Required fields are marked *