Last week, DJI released a report from a third-party investigation into DJI data practices. DJI’s storage, collection and use of data from their drones, software and services were under the microscope. This concluded in DJI having full control of these areas.
The third-party was Kivu Consulting, based in San Francisco, and they focussed on DJI’s USA data. Keep reading to find out more about Kivu’s report.
What data did they collect?
Kivu wasn’t provided directly by DJI, instead, they independently acquired the DJI Spark, DJI Mavic, DJI Phantom 4 Pro and the DJI Inspire 2. Kivu also obtained copies of DJI’s GO 4 mobile app directly from Apple and Android stores.
Whilst Kivu operated the drones, they captured data transmitted from the DJI GO 4 app. They additionally analysed servers utilised by the DJI to store transmitted user data.
Kivu was also provided access to DJI engineers and managers, as well as spending several days with the team discussing the products, software development, and information security practices.
What’s the diagnosis?
- Data Storage and Transmission
DJI’s drones and the flight control system have the ability to capture data such as videos. flight logs and photos. DJI cannot automatically create multimedia files. Users have to physically film and capture the data themselves, this includes video, photos and flight logs.
DJI’s drones do not have onboard audio recording capabilities, therefore users must capture audio data using the microphone on their mobile device.
- Flight Logs
The DJI drones record flight logs and store them on the drones themselves, as well as within the GO 4 application. Customers can choose to upload the files to the DJI servers if they choose.
- Diagnostics and the “No Fly Zone” Data
By default, the drones transmit diagnostics and location check data to DJI servers. If flying near a “no-fly zone”, data is transmitted to avoid use in restricted areas. Users may prevent these transmissions by deactivating them within the GO 4 app as well as by disabling the internet connection.
- Identifiable Data
The only identifiable information used by DJI is email addresses and phone numbers. If desired by the user, details can be made anonymous. The AWS servers have also been confirmed to be designed to block unauthorised access.
- DJI Servers
Data transmitted by the GO 4 app sends to secure DJI servers. DJI use serves by Amazon Web Services, as well as Alibaba Cloud. Kivu have confirmed the AWS servers prevent unauthorised access.
- Facial Recognition
Kivu have ascertained DJI drones don’t have the ability to facially recognise users, and also don’t use facial recognition software.
It’s easy to see from the report that DJI’s data is secure and safe, and therefore welcome news for DJI users. Given recent media controversies elsewhere, it was a good move by DJI to conduct the external investigation and will allow them to maintain their position at the top of the commercial drone market.