DJI Spark Selfie Drone
DJI Technology $399

DJI Spark Selfie Drone

Who doesn't need a mini-drone that can follow you around and take pretty pictures? This little drone sounds a bit like a puppy--it follows hands commands such as away, follow, beckon, selfie, and record. It even recognizes your face and will launch directly from your palm and hover there waiting for you to tell it what to do. Throw in a nice camera and you can take the coolest pics on your block. Just one thing, these drones have a history of being easily hacked.

Can it spy on me

Camera Device: Yes | App: Yes
Microphone Device: Yes | App: Yes
Location Tracking Device: Yes | App: Yes

What does it know about me

Product uses encryption
No

Reading level for privacy policy

Grad school

Privacy policy reading level scores provided by the Usable Privacy Policy Project
Shares your information with 3rd parties for unexpected reasons
Yes
Nearly every company collects some kind of information on its users. That’s how the internet works. It’s how they use and care for this information that matters. You should know whether a company shares or sells your personal information to others and for what reasons. For the purpose of this report Mozilla determined that if according to a company’s privacy policy, it appeared to share data with third parties that could then use that information to market or advertise to customers, then we labeled it as “Shares information with third parties for unexpected reasons.” This does not mean your information is definitely used for these purposes. Simply that the policy leaves the possibility open your information could be used in this way.

Can I control it

If a password is required, you must change the default password
No
Automatic security updates
Yes
Deletes data it stores on you
Yes
Has parental controls
No

Company shows it cares about its customers

Company manages security vulnerabilities
Yes
Information security researchers have complained that the bug bounty program is ineffective.
Company makes it easy to contact customer support
Phone Number (818) 235 0789
Live Chat No
Email Yes
Twitter Yes

What could happen if something went wrong

DJI drones have been easily hacked in the past. In 2017, the US Military issued a ban on using this company's drones for military purposes. Owning an insecure flying camera could present some problems for civilians too, so buyer beware.

Updates

DJI's Spark drones to be bricked by September 1 unless firmware updated
The Register
Hackers have boasted that DJI's latest Spark drone firmware update was bypassed in mere hours – including downtime to enjoy the recent solar eclipse.
Man gets threats—not bug bounty—after finding DJI customer data in public view
Ars Technica
DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.
Security flaw in DJI’s website and apps exposed accounts to hackers and drone live feeds
TechCrunch
It took about six months for popular consumer drone maker DJI to fix a security vulnerability across its website and apps, which if exploited could have given an attacker unfettered access to a drone owner’s account. The vulnerability, revealed Thursday by researchers at security firm Check Point, would have given an attacker complete access to a DJI user’s cloud stored data, including drone logs, maps, any still or video footage — and live feed footage through FlightHub, the company’s fleet management system — without the user’s knowledge.

Compare products