Security weakness found in DJI drones, according to the NY Times

This morning, the NY Times featured an article on their home page that is titled, “Popular Chinese-made drone is found to have security weakness. Of course, the article is specifically about DJI drones that are found to have data security issues.

Security weakness found in DJI drones

The concerns around DJI drones started in 2017 and over the last three years, these concerns have been expressed by various government departments and lawmakers. DJI has vigorously defended itself against these claims, however, this morning the NY Times reports on a new security weakness specifically related to the use of smartphones that run Google's Android operating system. The concerns have been reported by two security firms and have been confirmed by the newspaper. Here are some of the highlights of the article.

In two reports, the researchers contended that an app on Google's Android operating system that powers drones made by -based Da Jiang Innovations, or DJI, collects large amounts of personal information that could be exploited by the Beijing government. Hundreds of thousands of customers across the world use the app to pilot their rotor-powered, camera-mounted aircraft.

“Every Chinese technology company is required by Chinese law to provide information they obtain, or information stored on their networks, to Chinese authorities if requested to do so,” said William R. Evanina, director of the National Counterintelligence and Security Center. “All Americans should be concerned that their images, biometrics, locational and other data stored on Chinese apps must be turned over to China's state security apparatus.”

The newfound security weakness in DJI drones has been reported by the French company Synacktiv and -based GRIMM.

DJI can also update it without Google reviewing the changes before they are passed on to consumers. That could violate Google's Android developer terms of service.

“The phone has access to everything the drone is doing, but the information we are talking about is phone information,” said Tiphaine Romand-Latapie, a Synacktiv engineer. “We don't see why DJI would need that data.”

Synacktiv did not find the same vulnerability in the drone maker's iPhone application.

Security Weakness Found In Dji Drones, According To The Ny Times 1

According to DJI, it is necessary for the drone maker to be able to update the app to prevent drone pilots from ‘hacking' their DJI drones. Brendan Schulman, DJI's Vice President of Policy and Affairs said in a statement:

“This safety feature in the Android version of one of our recreational flight control apps blocks anyone from trying to use a hacked version to override our safety features, such as altitude limits and geofencing. If a hacked version is detected, users are prompted to download the official version from our website.”

Schulman added that this feature was not present in the software version that is used by governments and enterprise companies.

… even when the app appears to be closed, it awaits instructions from afar, they [the researchers] found.

For instance, DJI's direct link to the Android app was most likely designed as a workaround for Chinese policies that block Google in China, forcing companies to send Android app updates themselves.

The security researchers from French Synacktiv, a company that has also worked for DJI's competitors (?) points out that there's a worrying pattern to DJI software updates. The company said:

…the pattern of problems in DJI's code and its quickly implemented fixes, which suggested that the company was already aware of some of the problems but had not fixed them, were also reason for concern.

The research company does not say that DJI is implementing ‘malicious uploads' but it points out that DJI could be using the app for that purpose.

Security Weakness Found In Dji Drones, According To The Ny Times 2

DroneXL's take

The security concerns around DJI drones do not seem to go away. You can argue about whether these concerns, including this latest ‘security weakness', are valid or if they are politically driven. However, but the fact that they keep reappearing in the news, and this time on the front page of a major newspaper is not a good thing for DJI and even the as a whole. Already parts of the , such as the Department of the Interior have stopped using DJI drone altogether. My concern is that a next step might include a complete Federal ban on the use of Chinese-made drones, including DJI drones, and prohibiting the use of Federal funds to purchase Chinese-made drones. This would prevent many from using Federal grant money to purchase DJI drones. All in all a worrying situation, that DJI has not sufficiently addressed in my opinion. A worst-case scenario would be for the Trump administration to issue a flat out ban on Chinese-made drones, including DJI drones. We will watch this space closely.

Let us know what you think about the security concerns, and this security weakness in particular, around DJI drones in the comments below.


Droneu Marketing Banner Ad 1

Stay in touch!

If you'd like to stay up to date with all the latest drone news, scoops, rumors, and reviews, then follow us on Twitter, Facebook, YouTube, Instagram or…

Subscribe to our Daily Drone News email.*


Submit tips If you have information or tips that you would like to share with us, feel free to submit them hereSupport You can support by using these links when you make your next drone purchase: Adorama, Amazon, B&H, BestBuy, eBay, DJI, Parrot, and Yuneec. We make a small commission when you do so at no additional expense to you. Thank you for helping DroneXL grow! FTC: uses affiliate links that generate income.

* We do not sell, share, rent out or spam your email, ever. Our email goes out on weekdays around 5:30 p.m.

Photo: Moment

Discover more from DroneXL

Subscribe to get the latest posts to your email.


Proposed legislation threatens your ability to use drones for fun, work, and safety. The Drone Advocacy Alliance is fighting to ensure your voice is heard in these critical policy discussions.Join us and tell your elected officials to protect your right to fly.

Drone Advocacy Alliance
Follow us on Google News!

Get your Part 107 Certificate

Pass the test and take to the skies with the Pilot Institute. We have helped thousands of people become airplane and commercial drone pilots. Our courses are designed by industry experts to help you pass FAA tests and achieve your dreams.

pilot institute dronexl

Copyright © 2024. All rights reserved. The content, images, and intellectual property on this website are protected by copyright law. Reproduction or distribution of any material without prior written permission from is strictly prohibited. For permissions and inquiries, please contact us first.

FTC: is an Amazon Associate and uses affiliate links that can generate income from qualifying purchases. We do not sell, share, rent out, or spam your email.

Haye Kesteloo
Haye Kesteloo

Haye Kesteloo is the Editor in Chief and Founder of, where he covers all drone-related news, DJI rumors and writes drone reviews, and, for all news related to electric vehicles. He is also a co-host of the PiXL Drone Show on YouTube and other podcast platforms. Haye can be reached at haye @ or @hayekesteloo.

Articles: 3657

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

en_USEnglish (United States)