If you’re a DJI drone owner, this might worry you: researchers at the security firms Synacktiv and Grimm have reported that DJI Go 4, the mobile app used to control the drones, might not be safe for users. The researchers say the app has flaws and components that need to be fixed. The DJI Go 4 app is vulnerable, and attackers can use it to spy on users and also install malicious apps on the smartphone. Meanwhile, it has also been discovered that the app has violated Google Play Store policies, and an investigation is in progress.
According to the reports, the DJI Go 4 app is capable of installing any application on the device via a self-update feature or a dedicated installer provided by the Chinese microblogging website Weibo. Basically, through both of these means the DJI app can download code from a third-party app installer, which is against the policies of the Google Play Store. It’s a clear case of violation of the Google Play Store policies. DJI is one of the most successful commercial drone manufacturers, with more than 5 million subscribers.
The researchers also say that the app is capable of automatically restarting even after it has been closed by the user and of running in the background without the user’s consent. It also sends network requests while running in the background. According to the report, the previous version of the app used to collect sensitive data and send it to MobTech, an SDK developer in China.
This data smuggling includes information like the phone’s IMEI number, information from the SD card, the SIM serial number, Bluetooth addresses, and more. The company claimed that it removed this functionality with the release of the DJI Go 4 app, but it seems that the company is either hiding something or not aware of it at all.
Which DJI Drone Owners Might Be at Risk?
According to the researchers, drones that came after DJI’s P4 are going to be at risk from this issue. The report suggests that mainly the owners of four drones are at risk: the DJI Phantom 4, Inspire 2, Phantom 4 Pro, and Mavic Pro. Owners of these drones need to be extra cautious, both while using the app and while not using it.
“The app update function described in these reports serves the very important safety goal of mitigating the use of hacked apps that seek to override our geofencing or altitude limitation features,” a DJI spokesperson told Ars Technica.
What Should You Do?
Given the criticality of the app’s issues, we recommend that you uninstall DJI Go 4 and wait for Google’s investigation to be completed. Once Google verifies that the app is good to go, you can reinstall DJI Go 4 to operate your drone.