DJI Mavic Series

Warning: *privacy not included with this product

DJI Mavic Series

DJI
Wi-Fi

Review date: Nov. 8, 2021

|
|

Mozilla says

|
People voted: Super creepy

DJI’s Mavic Series of drones range from the high-end Mavic 3 with a 28x super zooming HD camera and 46 minutes of flight time to the lower end Mini 2 that only weighs half a pound, fits in the palm of your hand and can fly for 31 minutes. These pricey consumer drones make taking pictures for above with features like 4k video, quick and easy transfer of photos and videos to your smartphone, and the ability to zoom right into your neighbor’s window. Please don’t use these drones to zoom into your neighbor’s window.

What could happen if something goes wrong?

China-based drone maker DJI has a history of not being good when it comes to privacy and security. Researchers raised concerns in 2020 about vulnerabilities in the Android app that control some DJI consumer drones and reportedly collect large amounts of personal data. If that data were leaked, they warned, it could then be exploited by the Chinese government. Currently, many government entities, including the United States military and the Dutch Ministry of Defense ban the drones, while it seems the FBI and Dutch police still purchase these drones. It all seems quite messy and rather scary.

Owning an insecure flying camera could present some problems for civilians too. Reading the DJI privacy policy does raise some flags for us, as they do seem to collect a good deal of personal information and while they say they don’t sell it, they do say they might share it with third parties for a number of purposes, including advertising.

Then there is the other privacy concern surrounding all drones — using them to spy on people in their own homes or in public spaces from afar. The new Mavic 3 has a 28x super zoom lense that could let someone record video up close and personal from far away. That’s pretty scary.

So buyer beware. Having the potential for personal information on your phone to be leaked to unknown sources who might exploit it, yeah, that's a really bad thing. Uncertainty if these drones are secure, another bad thing. Using these drones to spy on unsuspecting people, a really bad thing. All in all, we’re worried these DJI Mavic drones come with *privacy not included.

Tips to protect yourself

  • Protect the phone or tablet you control your drone with from malware
  • Use a strong password
  • Keep your drone's firmware updated regularly
  • Use a VPN
mobile Privacy warning Security A.I.

Can it snoop on me? information

Camera

Device: Yes

App: Yes

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

DJI does not sell your data. DJI may share personal information with social networks or third parties for advertising purposes.

DJI does not automatically collect your photo or video without your consent and affirmative actions. When you choose to upload your photos, videos or other content using DJI Products and Services, including text content relating thereto, they may collect and store such content, including EXIF data relating to the photo or video.

DJI may make certain aggregated, de-identified, or non-identifying information about their users available to third parties for various purposes, including for marketing purposes and to assist in understanding users’ interests and habits.

In the expanded CCPA section of their privacy policy for California residents, DJI discloses they may draw inferences about users from personal information such as "consumer profiles reflecting a consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes." They collect such information "indirectly from you, e.g., from observing your actions on our Website or from your Devices." They say they can use and share such information with affiliates and certain third parties.

How can you control your data?

You may update, correct, or delete certain DJI account information and preferences by accessing your account preferences page, available through certain DJI Products and Services, including the DJI.com and SkyPixel websites and various mobile applications.

While any changes you make will be reflected in active user databases within a reasonable period of time, DJI may retain all information you submit, as authorized under applicable law, for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where they otherwise reasonably believe that they have a legitimate reason to do so. In addition, if certain information has already been provided to third parties as described in this Policy, retention of that information will be subject to those third parties’ policies.

What is the company’s known track record of protecting users’ data?

Needs Improvement

In 2020, research groups Synacktiv and GRIMM claimed that the DJI GO 4 application can force updates on users without routing them through the Google Play Store. Given the access the application has — including users’ contacts, microphone, camera, geolocation — it could give DJI or third parties nearly full control of users’ phones. Hundreds of thousands of customers across the world use the app to pilot their rotor-powered, camera-mounted aircraft. In their response, the company claimed that researchers found a typical software concerns, with no evidence they have ever been exploited.

In the Netherlands, DJI drones were banned for military use because of security concerns, but they are still in use by the police force.

Can this product be used offline?

Yes

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI? information

Can’t Determine

DJI and Microsoft Corp. have announced a strategic partnership to bring advanced AI and machine learning capabilities to DJI drones.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine


News

DJI Expands Data Privacy Protections For Government And Commercial Drone Operators
DJI
Following new cybersecurity audit, Local Data Mode feature coming to more DJI drones to eliminate internet connection and prevent transmission of drone flight data
Popular Chinese-Made Drone Is Found to Have Security Weakness
New York Times
Cybersecurity researchers revealed on Thursday a newfound vulnerability in an app that controls the world’s most popular consumer drones, threatening to intensify the growing tensions between China and the United States. In two reports, the researchers contended that an app on Google’s Android operating system that powers drones made by China-based Da Jiang Innovations, or DJI, collects large amounts of personal information that could be exploited by the Beijing government.
Dutch police using Chinese-made DJI drones the Defense Ministry rejected over security concerns: report
NL Times
The Dutch police regularly use drones made by Chinese company Da Jiang Innovations (DJI), which the Ministry of Defense banned over serious concerns about data security.
DJI and Microsoft partner to bring advanced drone technology to the enterprise
Microsoft
New developer tools for Windows and Azure IoT Edge Services enable real-time AI and machine learning for drones
App for Chinese DJI drones could give hackers full control of users' phones, researchers say
Cyber Scoop
The Android application used to operate drones manufactured by DJI contains a number of features that could allow attackers to target users with malicious applications or gain full control of users’ phones, according to recent research by France-based Synacktiv and U.S.-based GRIMM.
DJI Expands Data Privacy Protections For Government And Commercial Drone Operators
DJI
Following new cybersecurity audit, Local Data Mode feature coming to more DJI drones to eliminate internet connection and prevent transmission of drone flight data

Comments

Got a comment? Let us hear it.