Showing posts from July, 2020

DJI Privacy Analysis Validation

Photo by Mitch Nielsen on Unsplash DJI Privacy Analysis Validation Given the recent controversy with DJI drones, a defense and public safety technology vendor sought to investigate the privacy implications of DJI drones within the Android DJI GO 4 application. To conduct their analysis, the vendor partnered with Synacktiv who performed an in-depth dynamic and static analysis of the application. Their analysis discovered four main causes of concern within the DJI GO 4 application , most notably: The application contains a self-update feature that bypasses the Google Play store. The application contains the ability to download and install arbitrary applications (with user approval) via the Weibo SDK. During this process, the Weibo SDK also collects the user's private information and transmits it to Weibo. Prior to version 4.3.36, the application contained the Mob SDK, which collects the user’s private information and transmits it to MobTech, a Chinese analytics company.