Comment by dji4321234

11 days ago

> It can only be side-loaded on Android, because their app breaks a number of policies on privacy and data gathering.

I don't think this is the reason; I think it's more that they're just too lazy to jump through the approval and maintenance hoops that come with an app store, especially because their home market (China) doesn't even use the Play Store.

The iOS version of their app is Apple-approved and present in the App Store.

I do research in this space.

Their consumer apps are loaded to the gills with product-manager telemetry (tap/action tracing, etc., think Firebase/Flurry/whatever), and until recently they had a "sync flight logs" feature that would do what it said: give your detailed flight logs to DJI. It was opt-in, but it was easy to do by accident and many years ago there were bugs in the opt-in toggle.

They just removed this feature from US apps this week (too little too late, and too attached to reality and not attached enough to political pandering).

DJI also have a terrible track record with data security, with their entire AWS account getting ripped in 2017.

I don't think they're explicitly a CCP data-collection front, but sufficient product telemetry is indistinguishable from surveillance malware (this applies to US-based companies and US intelligence, too, of course).

However, their apps running on their own controllers are generally alright, and their enterprise apps running on their enterprise controllers in Local Data Mode are legitimately clean, barring a few versions with small bugs.

I fly DJI drones all the time using DJI RCs with network credentials forgotten, and I wouldn't hesitate to use one of these for consumer use. For the truly paranoid, use a burner email and a VPN to activate the drone.

I also wouldn't worry about using DJI Enterprise drones with the pro controllers in Local Data Mode for even moderately sensitive applications (infrastructure, law enforcement, etc.).

Of course I wouldn't use one for US military applications, insofar as it would be foolish to use any non-allied electronic device in this way.

ps - note that the analyses in the sibling comments are of older apps, DJI Go 4 and Pilot 1, not the newer flagship apps DJI Fly and DJI Pilot 2. The general theme (tons of dirty analytics platforms) remains the same, but the newer apps use more American platforms (Firebase, AWS-hosted proprietary stuff) rather than Chinese, and the "disable telemetry" and "disable data sync" options generally have fewer bugs now.

> I don't think this is the reason, I think it's more that they're just too lazy to jump through the approval and maintenance hoops that come with an app store

If that was the case, then why jump through all the hoops of extensive code obfuscation for the Android app? [0]

> DJI also have a terrible track record with data security, with their entire AWS account getting ripped in 2017.

Leaving the door propped open for everyone is also plausible deniability for doing bad things.

[0] https://news.ycombinator.com/item?id=39438842

  • Anti-reversing. Obfuscation and packers are dominant in Chinese applications. If something isn't obfuscated, it's free rein for competitors.

    > Leaving the door propped open for everyone is also plausible deniability for doing bad things.

    We completely agree here, see "sufficient product telemetry is indistinguishable from surveillance malware." I personally don't think this justifies a blanket ban on a technology; if it did, the world would need to be a very different place.

> there were bugs in the opt-in toggle.

> clean, barring a few versions with small bugs.

Juniper also had a “small bug” in their implementation of the NSA-mandated Dual Elliptic Curve Deterministic Random Bit Generator algorithm that just so happened to leak the exact number of state bits onto the wire required to hack any VPN connection.

I don’t know if you’re an optimist or just a kind soul, but the rest of us are jaded for good reasons.

A drone company has ZERO business collecting flight log information, in the same way my car manufacturer has no business knowing where I drive.

That their “finger slipped” and they “accidentally” made opting out harder should tell you something.

  • I fly over 55 lb drones for a living and they all have manufacturer black boxes, mandated by regulation; to say "A drone company has ZERO business collecting flight log information" is wrong.

    • I've never heard of such a law or regulation. Which country? Can you link directly to the government site where this is posted?

I feel like you're underestimating the average large state actor's ability to employ subtlety when they really care about a long-term foreign intelligence operation.

For example, it doesn't have to be the case that DJI has ever been told to collect data for the CCP. That would be a big OPSEC violation — as soon as anyone in the foreign media learned of it, DJI would be as dead as Huawei or Tiktok.

Instead, it could just as well be that the CCP have left DJI themselves untouched, but have instead manipulated market conditions around them: arranging it so that DJI "just seems to never be able to" hire any security experts; and so that DJI (and everyone else) hire product managers from a pool trained on CCP-sponsored university programs and industry media sources, that have those product managers parroting "useful" beliefs like "more analytics is always better."

  • > arranging it so that DJI "just seems to never be able to" hire any security experts

    They're foot-nuking themselves this way, as well. Due to their poor security, DJI are also easily compromised by Western interests and collect a ton of data about Chinese drone operations. I suppose someone could argue they decided that this is worth the cost of the operation, etc., but it seems... odd.

    > hire product managers from a pool trained on CCP-sponsored university programs and industry media sources, that have those product managers parroting "useful" beliefs like "more analytics is always better."

    The CCP don't need to do any work to make this happen. I totally agree that they benefit, thus my "indistinguishable from malware" comment. But this is how product management works worldwide. Maybe the modern obsession with product telemetry has been a years-long deep intelligence op, but I think it's easier to attribute to standard corporate behavior.

Your post convinced me of the opposite of what you were going for; after reading it, I get even more of a feeling that DJI does shady things.

  • I wasn't exactly going for "DJI is great" - it's kind of funny that's how it came off.

    My points were:

    * DJI's use of Secneo on Android isn't hiding a "sendAllYourPhotosToTheCCPServerNow" function. This seems obvious but I've seen this take everywhere.

    * However, DJI's apps are loaded with telemetry that's indistinguishable from malware. They ARE full of shady things.

    * I wouldn't run a DJI app on my own phone.

    * I would use a standalone DJI remote for most low to medium assurance applications, because while the shadiness remains in many ways, the threat model is easy to understand and boundaries are pretty easy to draw.

>I don't think they're explicitly a CCP data-collection front

In China you cannot not be explicitly a CCP data-collection front.

China doesn't bring evidence to a judge in order to get a subpoena for data. They just go to DJI and get it. DJI has zero legal recourse if the CCP wants access to all DJI's stored data. Doesn't matter where that data is stored. Same thing for TikTok and why legislators are killing that too. You're a Chinese company? You ultimately work for the state. No discussion.

China is not the US. People need to stop fitting the way things work in the US to the way things work in China.

Edit: For the whataboutists: Yes, everyone is aware that American three-letter agencies have backdoor access to every computer, broken RSA and AES, and control the USA's puppet government. Thanks.

  • To start: I do not trust the CCP, but my trust in the American legal system has been waning.

    What's the legal recourse for a US Citizen served with a dodgy FISA-related subpoena/warrant?

    Or if a government agency wants to purchase tracking data that includes my phone from a data collection agency? Say the state of Texas purchases geotracking data for app users who cross state lines.

    • Apple famously told the FBI to go pound sand when asked to help access an iPhone in an actual terrorism case (i.e. it wasn't about going after dissidents or journalists or anything), even though such help was definitely within Apple's technical power.

      Now, while admitting that I am no way claiming the US is perfect, does anyone actually think something even remotely similar would ever happen between a Chinese company and the Chinese government?

    • Whatever slim you want to think your recourse is in the US, it is FAR better and broader than in the country that has uncounted mobile execution vans with zero available records of who is executed.

      At least the US is trying to be a democracy, and has largely functioning checks and balances.

      CCP is flat-out 'you cannot even talk or access information on things that make us look bad, such as Tibet or Tiananmen Protests' and 'make the wrong criticism at the wrong time and it is over for you'.

      There is a MASSIVE difference. Playing false equivalence games will end very badly.

    • > my trust in the American legal system has been waning.

      Why? We just watched a former POTUS and the current POTUS's son get convicted of felonies in courts with juries. Is there a better test of the legal system?

  • do you think that national security warrants and subpoenas actually stand up to evidentiary claims? it’s not like the US actually cares and does the right thing— it’s just force hidden behind “process”

  • > China doesn't bring evidence to a judge in order to get a subpoena for data

    Do you think that e.g. FISA courts or the CIA kidnapping random civilians based on their name/watch type have a high threshold of evidence?

  • > China doesn't bring evidence to a judge in order to get a subpoena for data. They just go to DJI and get it. DJI has zero legal recourse if the CCP wants access to all DJI's stored data. Doesn't matter where that data is stored.

    Is this an assumption or do you have first-hand knowledge of how this works operationally, in practice?

  • I remember reading somewhere that all large companies in China are effectively state-owned, they basically always have a CCP member of the party on their board, which even the CEO is beholden to.

  • > In China you cannot not be explicitly a CCP data-collection front

    Unintelligible.

    Rewrite as “in China it’s very hard to avoid turning over data to the CCP.”

    • It's a written rebuttal mirroring the original wording. This is a common writing and debate style; please don't ask people to rewrite their posts when it is fairly clear what they meant!

  • > China is not the US

    Not a very good comparison in terms of the state forcing companies to give out their customers' data...

    Also love how, in your opinion, anyone pointing this out must of course be a conspiracy nut.

  • > For the whataboutists: Yes, everyone is aware that american three letter agencies have backdoor access to every computer, broken RSA and AES, and control the USA's puppet government. Thanks.

    You're deliberately overstating the issue, to the point of absurdity, to avoid legitimate criticism. Three-letter agencies do have a high level of access to this data, and in many cases that's because the companies involved just voluntarily hand it over (no need to get the courts involved). Even when the courts do get involved, these are secret courts where the decisions are classified, and in any case from what we do know they act as a rubber stamp anyway.

    So, this is a matter of the US wanting access to that data in addition to, or possibly exclusive from, the CCP. Frankly, as I'm not currently under the jurisdiction of the Communist Party of China, I'd prefer they have unlimited access to that data as opposed to the US government, if I have to choose one or the other.

  • Ahaha, as opposed to the US where... 3-letter agencies don't bring evidence to a judge, they just go to google/meta to get it.

    • Pointing out obvious bad-faith hypocrisy is actually called "whataboutism", you're doing a hecking fallacy!!

    • This is absolutely a false equivalence.

      Google and Meta choose to give the government all sorts of data that they're not required by law to give, because they don't see it as worthwhile to go to bat for their users. You can choose to use a vendor who will protect your privacy and demand full due process on the part of government requestors.

      In China there is no due process and no choice of vendors who would demand it, even if they could.

I haven't used a DJI drone since I got my Spark, so this is a few years out of date, but when I set that up the procedure was incredibly locked down and invasive. You had to install the app, which had to have full access to everything, and which had to have an active internet connection to update the drone firmware. So at the least, it was extorting your physical location, details of any wifi network, access to phone photos, and iirc a bunch of other stuff (like I said it was a few years). The whole way through the app took a very authoritative tone ("do X, do Y, you must do Z") as well. I used a dedicated second hand phone with no SIM card (after initial setup) but it was still uncomfortable and there's no way in hell I'd have allowed the app on my main phone. No idea what it's like now but I'd be amazed if it's more free or respectful of privacy.

I don't think they're a CCP front, and their actual core product engineering is amazing, but my understanding is that like any sufficiently large organisation in China (or any country, I guess) they must comply with government instructions.

  • Their newer drones support DJI RC[0], so you don't have to worry about installing their app on your phone and giving it all the permissions. I use it with my DJI Mini 3 Pro; another advantage is that you don't have to worry about phone battery.

    [0] https://www.dji.com/rc

> sufficient product telemetry is indistinguishable from surveillance malware

Isn't this mandatory given the restrictions required of them to disallow flying in banned areas?

  • No; this functionality is actually accomplished in a reasonable way, with a local database stored on the drone and checked by the drone's flight control software, and exemptions granted by uploading a signed payload to the drone detailing an unlock region and timeframe.

    It's also worth noting that these restrictions aren't government imposed in countries besides China, and aren't government-linked besides a request-based "please make this location a no fly zone" process - DJI basically just exported a Chinese concept with hope of building goodwill internationally, and the no-fly zones were invented by DJI from public land use data. That's why other drones don't have no-fly zones but are still allowed for sale, why there are frequent mismatches between DJI no-fly zones and real no-fly zones (both false positive and false negative), and why DJI disabled their own no-fly zone feature in much of Europe earlier this year (European mandated no-fly rules passed the responsibility to the consumer instead).
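    As an added illustration (not code from DJI or from the commenter above) of the design just described, here is a self-contained sketch of an offline geofence: a no-fly database held on the aircraft and checked locally, with exemptions carried in a signed unlock payload that names a region and a time window. The zone data, payload format, key handling and function names are all constructed for this example, and an HMAC with a shared key stands in for the asymmetric signature a fielded design would use (where the aircraft holds only the verification key), so that it runs with the standard library alone.

```python
# Constructed example: offline no-fly check plus verification of an unlock
# payload bounded by region and time. Payload format, keys and zones are
# invented for illustration; HMAC stands in for a public-key signature.
import hashlib
import hmac
import json
import time

# Constructed on-aircraft database: (name, lat_min, lat_max, lon_min, lon_max).
NO_FLY_DB = [
    ("example-airport", 51.46, 51.48, -0.47, -0.44),
    ("example-prison", 51.50, 51.51, -0.10, -0.09),
]
# In a real design this would be a public key; a shared secret keeps the demo stdlib-only.
VERIFY_KEY = b"constructed-unlock-key"


def zones_blocking(lat, lon):
    """Names of no-fly zones containing the point; needs no network access."""
    return [n for n, a, b, c, d in NO_FLY_DB if a <= lat <= b and c <= lon <= d]


def sign_unlock(body, key=VERIFY_KEY):
    """Issuer side: serialise the unlock body deterministically and MAC it."""
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return blob.hex() + "." + hmac.new(key, blob, hashlib.sha256).hexdigest()


def parse_unlock(token, key=VERIFY_KEY):
    """Aircraft side: return the body only if the MAC verifies, else None."""
    try:
        body_hex, mac = token.split(".", 1)
        blob = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    return json.loads(blob)


def may_take_off(lat, lon, token=None, now=None):
    """Flight-control decision: clear unless inside a zone without a valid unlock."""
    now = time.time() if now is None else now
    blocking = zones_blocking(lat, lon)
    if not blocking:
        return True, "clear"
    body = parse_unlock(token) if token else None
    if body is None:
        return False, "no valid unlock for " + ",".join(blocking)
    # The unlock must cover the current time, the takeoff point and every blocking zone.
    if not body["not_before"] <= now <= body["not_after"]:
        return False, "unlock outside time window"
    r = body["region"]
    if not (r["lat_min"] <= lat <= r["lat_max"] and r["lon_min"] <= lon <= r["lon_max"]):
        return False, "takeoff point outside unlock region"
    missing = set(blocking) - set(body["zones"])
    if missing:
        return False, "unlock does not name " + ",".join(sorted(missing))
    return True, "unlocked"
```

    Because the database and the verification key both live on the aircraft, the decision is made without reporting position or identity to anyone; fetching an updated database is a separate, one-way download.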

    • No-fly zones and unlocks are exactly why we went over to Autel and I hope they aren't next.

  • You don't need to phone home in order to implement no-fly zones. All you need to do is download the latest flight restrictions, which could most easily be done anonymously.

    • So many things don't need pervasive surveillance and privacy violations... yet it seems everything does it regardless, from the largest social media down to the most insignificant bank or government app you need to conduct your life.

What I heard (third hand knowledge) is that the DJI Android software stack can't handle AABs and for some reason it's easier for them to just get people to sideload instead of fixing their toolchain.

  • At least on some Android-based DJI products, the device OS does not include Google services. If AABs are dependent on Google Play being installed, then this would be correct. Sideloading is absolutely viable for APKs, as are third-party app stores. I am not an Android developer.

What about consumer apps in Local Data Mode?

  • Overall what I'd say about DJI is that they seem to be earnestly trying to make their features work at face value.

    That is, if you opt out of data collection, they seem to be earnestly _trying_ to disable data collection. Unfortunately their apps are a spaghetti monster disaster and it's very difficult for them to get things right, so DJI frequently introduce new features or libraries which contain telemetry they've forgotten to disable. In my experience they do this more often in consumer apps than enterprise apps. I think they might actually have some kind of automated testing or audit applied to their enterprise apps.

    Whether this is a conspiracy to introduce subtle surveillance bugs or simple hardware-company-making-software incompetence is of course an exercise left to the reader's paranoia level.

    Anyway, I just use DJI RCs and forget network credentials. This limits the DJI bug/malice blast radius surface area to an acceptable range to me, and that's the advice I'd give others, too.