DJI: There is no evidence that we pass data from drone users unnoticed

Based on an investigation, DJI has said there is no evidence that DJI drones transmit sensitive user information without users’ knowledge or consent. In the US, for example, there are concerns that this data will end up in China.

Drone maker DJI says users have control over how their data is collected, stored and sent. The report states that DJI drones have the ability to collect videos, photos and flight data, but multimedia files are not created automatically. Users must actively choose to do so. DJI says this study is the first time it has given outsiders the opportunity to examine its own code.

Furthermore, the drones and the accompanying Go 4 app do not upload files to a server, the report says. If any data is sent by the app, it goes to secure DJI servers, which are hosted in the US by Amazon Web Services. Users can choose to share their multimedia files on SkyPixel, DJI’s social media platform, but these Alibaba Cloud servers are also located in the US. Certain location checks and diagnostic data can be automatically forwarded, but users can prevent this, according to Michael Perry of DJI, by stopping this in the Go 4 app or closing the internet connection.

DJI is relying on a research report by United States-based Kivu Consulting, a company hired by the Chinese drone maker to conduct an independent analysis of the data and security practices. It concerns an analysis of drones and their software that were viewed in the United States last year. In addition, Kivu says it has acquired the DJI Spark, Mavic, Phantom 4 Pro, and Inspire 2 independently of the DJI company, as well as the software.

Last year it emerged that the US military, among others, wanted to stop using DJI drones. This would partly be due to vulnerabilities in the products. Kivu says in the report that “potential vulnerabilities” have been found and that DJI has been informed. These would have been rectified by now.