Cybersecurity firm FTI Consulting analyzes DJI’s data sharing or lack thereof

DroneXL already covered the main part of this news yesterday, but I think it is important to highlight the findings from FTI. The cybersecurity firm FTI Consulting analyzed DJI's data sharing, or more accurately the lack thereof, and concluded that not only does the Chinese drone maker employs security best practices, but that ‘when DJI's Local Data Mode (LDM) is enabled, no data that was generated by the application was sent externally to infrastructure operated by any third party, including DJI.

Cybersecurity firm FTI Consulting analyzes DJI's data sharing

DJI has hired FTI Consulting to investigate the dronemaker's data-sharing practices. FTI bought independently a number of DJI drones through different channels and the dronemaker provided the research firm with access to more than 20 million lines of code.

FTI Consulting reviewed the following DJI drones, apps, and websites:

DJI drones

  • DJI Matrice 210 RTK V2 v01.00.0590
  • v02.02.0401
  • DJI Mavic 2 Pro v01.00.0510
  • DJI Mavic Mini v01.00.0300

DJI applications

  • v4.3.32 (Android; iOS)
  • v1.7.2 (Android; Crystal Sky controller [Android])
  • DJI Pilot Private Edition (PE) v1.6.1 (Crystal Sky controller [Android])
  • DJI FlightHub Enterprise v1.3.1 (Ubuntu server 18.04)
  • DJI GS RTK v2.1.1-GSP (Phantom Cendence controller)
  • DJI Fly v1.0.6 (Android; iOS)
  • DJI GS Pro1 v2.0.10 (iOS [iPad only])

DJI websites


Summary of FTI Consulting's key findings:

  1. FTI observed a number of instances where DJI employed security best practices.
  2. FTI found that when DJI's Local Data Mode (LDM) is enabled, no data that was generated by the application was sent externally to infrastructure operated by any third party, including DJI.
  3. FTI found that Pilot PE used with FlightHub Enterprise provides an alternative method for operation that provides consumers additional control over the data they generate, as it requires installation on a local or cloud-based server. With this configuration, FTI observed no evidence of data being requested or transmitted externally.
  4. FTI found some instances of low-risk vulnerabilities in its application source code and website ; FTI assessed that these findings posed minimal risks to consumers.

Cybersecurity Firm Fti Consulting Analyzes Dji'S Data Sharing Or Lack Thereof 1

Politico mentioned in their daily PoliticoPro email newsletter that:

“Another heavy-hitter consulting firm has backed up Chinese dronemaker DJI's assertion that it doesn't send data to anyone else when an unmanned aerial vehicle's “local data mode” is in effect. There's been a push from some on the Hill and in the administration to ban DJI, which controls a major share of the drone market, out of fears that the company would be beholden to Chinese government data demands.

In its report, FTI Consulting found that when LDM is enabled, “no data that was generated by the application was sent externally to infrastructure operated by any third party, including DJI.” (MT readers may recall a recent Booz Allen Hamilton assessment backing up DJI, too.) DJI hired FTI to conduct the analysis, but FTI said it purchased the equipment independently and reviewed millions of lines of source code that DJI made available.

Not only did Booz Allen Hamilton back up DJI as well. So did studies by the U.S. National Oceanic and Atmospheric Administration, U.S. cybersecurity firm Kivu Consulting, U.S. Department of Interior, U.S. Department of Homeland Security.

The only security research firm that came to a different conclusion is the French company Synacktiv that had previously worked with a DJI competitor, which we believe is the French dronemaker . Parrot made a big deal about not trusting Chinese-made and more specifically DJI drones in the weeks leading up to their Parrot ANAFI USA drone. We had reached out to Parrot and SkyActiv and have not heard back from either company confirming or denying their relationship. I think that tells us enough.

Cybersecurity Firm Fti Consulting Analyzes Dji'S Data Sharing Or Lack Thereof 2

Droneu Marketing Banner Ad 1

Stay in touch!

If you'd like to stay up to date with all the latest drone news, scoops, rumors, and reviews, follow us on Twitter, Facebook, YouTube, Instagram, or…

Subscribe to our Daily Drone News email.*


Submit tips If you have information or tips that you would like to share with us, feel free to submit them hereSupport You can support by using these links when you make your next drone purchase: Adorama, Amazon, B&H, BestBuy, eBay, DJI, Parrot, and Yuneec. We make a small commission when you do so at no additional expense to you. Thank you for helping DroneXL grow! FTC: uses affiliate links that generate income.

* We do not sell, share, rent out or spam your email, ever. Our email goes out on weekdays around 5:30 p.m.

Discover more from DroneXL

Subscribe to get the latest posts to your email.


Proposed legislation threatens your ability to use drones for fun, work, and safety. The Drone Advocacy Alliance is fighting to ensure your voice is heard in these critical policy discussions.Join us and tell your elected officials to protect your right to fly.

Drone Advocacy Alliance
Follow us on Google News!

Get your Part 107 Certificate

Pass the test and take to the skies with the Pilot Institute. We have helped thousands of people become airplane and commercial drone pilots. Our courses are designed by industry experts to help you pass FAA tests and achieve your dreams.

pilot institute dronexl

Copyright © 2024. All rights reserved. The content, images, and intellectual property on this website are protected by copyright law. Reproduction or distribution of any material without prior written permission from is strictly prohibited. For permissions and inquiries, please contact us first.

FTC: is an Amazon Associate and uses affiliate links that can generate income from qualifying purchases. We do not sell, share, rent out, or spam your email.

Haye Kesteloo
Haye Kesteloo

Haye Kesteloo is the Editor in Chief and Founder of, where he covers all drone-related news, DJI rumors and writes drone reviews, and, for all news related to electric vehicles. He is also a co-host of the PiXL Drone Show on YouTube and other podcast platforms. Haye can be reached at haye @ or @hayekesteloo.

Articles: 3632

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.