I have tested using
ACCESS_CONFIDENTIAL and it works as expected. So, we could sync that value, but there are currently no calendar apps supporting it.
The problem is that when you edit an event with
ACCESS_CONFIDENTIAL, most calendar apps set it to “server default”, which is by iCalendar definition the same as
PUBLIC. So, when someone edits a confidential event and doesn’t change the classification intentionally, it will switch from confidential to public, which would reveal private data.
If at all possible, I’d like to avoid additional options and settings, because they make everything unnecessary complicated and most users don’t want to learn about the details of iCalendar before using DAVdroid.
So what can we do in this case?
- Maybe use “server default” in some way. For instance, we could map it to “confidential”.
Advantage: All three classification levels could be chosen in the GUI.
Disadvantages: “Server default” has no useful meaning to users and it’s confusing that “server default” doesn’t mean “server default”, but “confidential”. Also, “server default” should be
PUBLIC in CalDAV.
- Make a setting what “server default” means. The default value could be “server default” (as now), but users could change it to confidential. This would solve the problem, but only for users who play around with classification settings (most people won’t, but many people want to use shared calendars).
- Map all settings 1:1 and accept that confidential events might become public unintentionally. At the same time, encourage calendar app vendors to implement
This solution would be the cleanest and my preferred one, but there’s still the disadvantage that at the moment, no calendar apps support it yet and that confidential events might become public when edited on an Android device without setting the classification to “private”.
- Workarounds like saving the classification of received events in an additional field. If such an event is then modified locally and the classification changes to “server default”, use the saved classification. This would at least prevent leaking private data.
What do you think?
Also there is no way to set the default privacy setting for davdroid calendars.
Please report this to your calendar app vendor.