Comment by dji4321234

4 months ago

My summary of DJI apps, which I have extensively reverse engineered, is:

If you opt into DJI's Flight Record Sync service, you send them your flight records. If you send DJI the additional logs they request for a warranty claim, you send them basically every imaginable bit of data from your drone. Both of these things make sense intuitively.

Overall, DJI appear to be earnestly attempting to respect data privacy, especially in their newer apps, DJI Fly and DJI Pilot 2. DJI Fly overall attempts to honor the user's flight analytics and flight log transfer preferences. DJI Pilot 2 in Local Data Mode genuinely stops using the network entirely. DJI's newer "Clear All Data" feature genuinely (but insecurely) erases all stored historic flight and user data on a drone and controller. DJI's efforts towards obfuscation seem generally directed at preventing reverse-engineering by their competitors, not hiding CCP malware.

HOWEVER:

DJI are a hardware company and lack competence in the software space, so they frequently make egregious mistakes which expose users to information disclosure or device security issues. This is especially bad in their older apps (DJI Go and DJI Pilot 1). They occasionally ship third-party libraries containing their own analytics and forget to disable these third-party analytics. Their information security practice seems quite bad overall, including a very prominent leak where all of their AWS data was downloaded in 2017, including synced flight logs, warranty logs, and app telemetry data.

DJI's consumer apps (DJI Fly) are loaded with product-manager-requested mobile app telemetry, as are most American phone apps of all kinds, and require app login to activate a drone. This enables powerful cross-correlation against a user's activities in the app. Sufficiently advanced telemetry is indistinguishable from surveillance malware. There is no evidence of a massive conspiracy where DJI are trying to siphon data to the CCP, but a malicious actor with access to their mobile app analytics dashboard could definitely infer a lot more information than a sensitive customer would like to disclose, including locations where the app was used, with what drone model and for how long it was used, and whether or not special no-fly zone authorization was requested from DJI.

My summary of DJI is:

I would use a modern DJI drone, enterprise or consumer, in a casual home or business application. However, I would only use a DJI drone with DJI Remote Controllers (which are Android tablets), not my own phone. I would activate the drone, then forget the WiFi network I used to activate it. This provides an end-run around the product telemetry features present in the app, and avoids security issues on your local device introduced by DJI's poor programming practice.

DJI Enterprise hardware and software genuinely attempt to provide offline functionality. I would use it with one of the professional standalone RC units, even in a moderately sensitive situation (say, Law Enforcement use), after auditing one specific app version's behavior (to ensure they didn't accidentally introduce a library with telemetry enabled, which they've been known to do).

Also, be aware that all DJI drones broadcast a local proprietary beacon, sometimes referred to as Drone ID or Aeroscope (not to be confused with US Remote ID standards), containing drone serial number and current location data. On newer consumer drones, this broadcast is encrypted. Regardless, it should be assumed that if you are flying a DJI drone, it can and will be tracked by nearby parties. This should be assumed for any drone, realistically. In the usual use case, you are controlling a giant RF emitter using another giant RF emitter.