DJI Mavic Series

Warning: *privacy not included with this product

Toys & Games Drones

DJI Mavic Series

DJI
Wi-Fi

Review date: Nov. 8, 2021

|
Mozilla researched 7 hours
|

Mozilla says

|
People voted: Super creepy

DJI’s Mavic Series of drones range from the high-end Mavic 3 with a 28x super zooming HD camera and 46 minutes of flight time to the lower end Mini 2 that only weighs half a pound, fits in the palm of your hand and can fly for 31 minutes. These pricey consumer drones make taking pictures for above with features like 4k video, quick and easy transfer of photos and videos to your smartphone, and the ability to zoom right into your neighbor’s window. Please don’t use these drones to zoom into your neighbor’s window.

What could happen if something goes wrong?

China-based drone maker DJI has a history of not being good when it comes to privacy and security. Researchers raised concerns in 2020 about vulnerabilities in the Android app that control some DJI consumer drones and reportedly collect large amounts of personal data. If that data were leaked, they warned, it could then be exploited by the Chinese government. Currently, many government entities, including the United States military and the Dutch Ministry of Defense ban the drones, while it seems the FBI and Dutch police still purchase these drones. It all seems quite messy and rather scary.

Owning an insecure flying camera could present some problems for civilians too. Reading the DJI privacy policy does raise some flags for us, as they do seem to collect a good deal of personal information and while they say they don’t sell it, they do say they might share it with third parties for a number of purposes, including advertising.

Then there is the other privacy concern surrounding all drones — using them to spy on people in their own homes or in public spaces from afar. The new Mavic 3 has a 28x super zoom lense that could let someone record video up close and personal from far away. That’s pretty scary.

So buyer beware. Having the potential for personal information on your phone to be leaked to unknown sources who might exploit it, yeah, that's a really bad thing. Uncertainty if these drones are secure, another bad thing. Using these drones to spy on unsuspecting people, a really bad thing. All in all, we’re worried these DJI Mavic drones come with *privacy not included.

Tips to protect yourself

  • Protect the phone or tablet you control your drone with from malware
  • Use a strong password
  • Keep your drone's firmware updated regularly
  • Use a VPN
  • mobile

Can it snoop on me? information

Camera

Device: Yes

App: Yes

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

DJI does not sell your data. DJI may share personal information with social networks or third parties for advertising purposes.

DJI does not automatically collect your photo or video without your consent and affirmative actions. When you choose to upload your photos, videos or other content using DJI Products and Services, including text content relating thereto, they may collect and store such content, including EXIF data relating to the photo or video.

DJI may make certain aggregated, de-identified, or non-identifying information about their users available to third parties for various purposes, including for marketing purposes and to assist in understanding users’ interests and habits.

In the expanded CCPA section of their privacy policy for California residents, DJI discloses they may draw inferences about users from personal information such as "consumer profiles reflecting a consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes." They collect such information "indirectly from you, e.g., from observing your actions on our Website or from your Devices." They say they can use and share such information with affiliates and certain third parties.

How can you control your data?

You may update, correct, or delete certain DJI account information and preferences by accessing your account preferences page, available through certain DJI Products and Services, including the DJI.com and SkyPixel websites and various mobile applications.

While any changes you make will be reflected in active user databases within a reasonable period of time, DJI may retain all information you submit, as authorized under applicable law, for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where they otherwise reasonably believe that they have a legitimate reason to do so. In addition, if certain information has already been provided to third parties as described in this Policy, retention of that information will be subject to those third parties’ policies.

What is the company’s known track record of protecting users’ data?

Needs Improvement

In 2020, research groups Synacktiv and GRIMM claimed that the DJI GO 4 application can force updates on users without routing them through the Google Play Store. Given the access the application has — including users’ contacts, microphone, camera, geolocation — it could give DJI or third parties nearly full control of users’ phones. Hundreds of thousands of customers across the world use the app to pilot their rotor-powered, camera-mounted aircraft. In their response, the company claimed that researchers found a typical software concerns, with no evidence they have ever been exploited.

In the Netherlands, DJI drones were banned for military use because of security concerns, but they are still in use by the police force.

Can this product be used offline?

Yes

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI? information

Can’t Determine

DJI and Microsoft Corp. have announced a strategic partnership to bring advanced AI and machine learning capabilities to DJI drones.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*privacy not included

Dive Deeper

  • DJI Expands Data Privacy Protections For Government And Commercial Drone Operators
    DJI
  • Popular Chinese-Made Drone Is Found to Have Security Weakness
    New York Times
  • Dutch police using Chinese-made DJI drones the Defense Ministry rejected over security concerns: report
    NL Times
  • DJI and Microsoft partner to bring advanced drone technology to the enterprise
    Microsoft
  • App for Chinese DJI drones could give hackers full control of users' phones, researchers say
    Cyber Scoop
  • Researchers find glaring security and privacy issues with DJI app (Updated)
    Android Authority
  • Will DJI’s super-zoom Mavic 3 stoke drone-vs.-privacy debates?
    Drone DJ
  • DJI Expands Data Privacy Protections For Government And Commercial Drone Operators
    DJI
  • The Pentagon says DJI drones still pose a threat, disavowing its own earlier report
    The Verge
  • FCC commissioner calls for tighter restrictions on DJI drones
    GCN
  • Scoop: U.S. government buying risky Chinese drones
    Axios

Comments

Got a comment? Let us hear it.