An Android application used to control drones possesses a self-update feature that bypasses the Google Play Store which allows it to transfer sensitive data to its manufacturer, Da Jiang Innovations, and potentially the Chinese government. This was confirmed by French researchers at Synacktiv with the GRIMM security research group.
“While we can’t prove intent, what we can say is that it could allow [either DJI or the Chinese government] to make very serious privacy violations,” GRIMM CEO Brian DeMuth told SC Magazine. “We don’t feel that the users are fully aware of what the app is supposed to do. And we don’t think the users have any idea of the extent of data collection going on.”