The Truth About DJI’s Data Security

Estimated read time 23 min read


DJI Facing Potential Ban in the United States

DJI is on the verge of being banned here in the United States based on false claims and it affects everyone that uses their drones. It doesn’t matter if you fly recreationally just for fun, if you’re in the commercial space using your drone for profit for your business each and every single day, or if you’re in the first response space using drones for Police, fire, medical, or search and rescue – it affects everyone.

This ban will prevent new DJI drones from entering the country and being sold. It also can impact us using drones on a daily basis that we already own right now, which for me would be a huge hit to my business.

Now this video is on the longer side, but I want to make sure I leave everything on the table. For that reason, I’ve split things up into different sections so you can jump around as you need to, but I highly recommend you stick around for the whole video as we dive deep on these data concerns with DJI.

YouTube video

Who Makes the Most Popular and Capable Drones?

Okay, now let me help you set the scene. If I’m somebody that wants to get into flying drones or maybe I want to upgrade my drone, there are probably two places I’m going to go to try and find something that I’d want to buy: Best Buy or Amazon.

READ MORE: DJI TO DISABLE FLIGHT RECORDS SYNC IN THE U.S.

Personally, I’d go with Best Buy because I can walk into one of their stores, pick up the drone that same day, go home, start using it, start flying it, and I also get a great spot to return it if I need to. I can go into their store and actually return it physically instead of having to deal with shipping it.

But regardless, I wanted to go into a Best Buy to see what my options were as somebody that wants to buy a drone, and what do you know – they only had DJI drones on display.

The Truth About DJI's Data Security 1

Most of the stores in my area have been updated, they now feature these nice new display areas for all of their products, and DJI has a great little booth here. But again, they’re the only drone that you can find. There’s no Parrot drones, there’s no Autel drones, it is just DJI. They have the Avata 2, the Mini, the Air, the Mavic 3 Classic, the Mavic 3 Pro – they have all of the different drones that DJI offers. They even have some of their smaller cameras like the Action camera, the Pocket, and the Osmo Mobile that you can use with your smartphone.

READ MORE: DRONE INDUSTRY’S OUTRAGE OVER STEFANIK’S ANTI-CHINA LEGISLATION

The Truth About DJI's Data Security 2

Now there were other drones on display, with Snap being the one name coming to mind. But look at the price point on these drones – these are toys. These are things that you’d buy for your son or daughter for Christmas to go and fly outside, crash right when they purchase it, and then probably throw it away. These are junk, these are not comparable to DJI. They’re just toys, they’re basically cheap plastic, they don’t fly good, they don’t take good photos and videos, whereas DJI makes drones that are actual tools that I use each and every day to complete my job.

The Truth About DJI's Data Security 3

What info Does DJI Need When Setting Up and Account and DJI Drone

All right, so we have a brand new DJI Mini 4 Pro here, literally still inside of the wrapper. What I want to do is go through the setup process of this drone, and we’re not going to do any cuts here. We’re going to go through this step by step so that we can see what we need to give DJI in terms of data when we set up a new account as well as a new drone. Bear with me here because as I mentioned, we’re doing no cuts – it is going to be one full thing so you guys know that I’m not leaving anything out here.

So again, Mini 4 Pro here – this is DJI’s flagship mini drone, if you will. They’ve got a good amount of mini drones available to kind of meet different people’s needs. Let’s go ahead, we will take out the controller. So this box here is the remote, this is the DJI RC2, and all of its accessories.

The Truth About DJI's Data Security 4

All right, we can of course throw all that to the side – this is like a speed unboxing here. Get all of that to the side. Hopefully it’s nice and clear. It of course comes inside of these wrappers. The good thing about the RC2 is that it actually has the built-in screen which is nice, it’s going to make things a little bit easier. Again this is like a speed unboxing here, so that we can get on to the next thing in the video.

Now I have a portable battery bank here, because these drones usually don’t initialize without some sort of charge as a safety method for shipping the battery. So you can see this drone does not turn on, but once we go and plug the drone in, those green lights will begin to flash. We’ll do the same thing here for the remote controller as well just to get a charge going into each of the components.

Okay, let’s go ahead, we’ll open up the DJI Mini 4 Pro, take off the gimbal guard. It is the responsible thing to do so that we don’t mess up the motors. And we’ll leave all the stickers on just cuz again, we’re really interested in the setup process. So we’ll turn on the drone, we’ll turn on the remote. We really don’t need these plugged in anymore, this is more so just to get it set up.

Now let’s talk about data, right? DJI says that they don’t collect data from their customers, they don’t collect data when you set up an account or from your drone – everything is basically on an opt-in basis. Now I’ve got a DJI account that I use for all of my drones, right? So, you know what, I think the sticker might be messing up the calibration down here. Let’s see if that’s going to mess things up.

READ MORE: STEFANIK’S ANTI-CHINA AND ANTI-DJI DRONE BILL SPARKS CONTROVERSY

Okay, let’s go through the entire setup process here. So I’ve got the RC2. Might be a little bit bright there, but hopefully we can tone down the brightness here soon. So English, of course, that’s going to be our preferred method. You’ve got software terms of use here, which you can read through if you’d like to. It seems to be very long, so for this video, we’ll probably leave that out. We’ll hit agree there. You can of course find those terms and conditions on DJI’s website if you want to.

From here we choose a country or region. So of course United States is already set up out of the box, because this drone was shipped to the US.

From here, we’re going to choose a network for our drone to connect to. So we of course need a network to connect to the internet so that we can establish a DJI account.

From here I’m going to go ahead and type in my password. I don’t even remember what my password is – I’m going to have to I think look this up. Oh, let me see. I am also blurring the screen now because I don’t want people connecting to my account – my Wi-Fi, I should say. Let’s see if I got the password right. I don’t know if it is – is it going to give me… We’ll hit okay. Connecting to Wi-Fi… I bet you I got it wrong. Yeah, connection failed. Okay, let’s see. I’m going to give it one more go. I think that’s lowercase. Searching or connecting to Wi-Fi there… Okay, boom. We’re in. Now we’ll hit next.

READ MORE: DID DJI JUST SAVE THEMSELVES FROM A POTENTIAL BAN?

From here, we’re going to choose our time zone. So for me of course, I am going to be choosing Eastern Time. Man, there are a lot of time zones here. Just for the sake of it, we might choose something that is not even my time zone. I might have even – let’s see, Central, Mountain, Pacific, Alaska, Hawaii… I must have missed it, honestly. The time zone is not that – let’s just say we’re in London. Saw London right there, boom. London. Okay, next.

It knows – okay, now this is the point where we’re going to be logging into a brand new account. So again, we connected to the Wi-Fi network so that we could create an account. Go ahead, create, enter an email. We’re going to go ahead and use the email that I use for business.

And we’re going to make a password. So we can make this password anything that we want to. I’m going to make it “DJI Mini 4 Pro” and… Oh, you know what, actually this is the – this is the… Let’s see, it’s not even a password field.

And don’t worry, I’ll be changing my password before this goes live so nobody can log in. So go ahead and register. Now we create a password. Okay, “DJI Mini 4 Pro”, and then I guess we’ll add like a one. Okay, and then this was “DJI Mini 4 Pro” and we did the one. I think that’s right. Oh, we go ahead and tap the box down here. Tapping to agree to their terms and conditions and privacy policy, hit next.

Now we’ll go ahead and we’ll log in. So we can go ahead and type in the email that we used, and then we can go ahead and type in our password, which was “DJI Mini 4 Pro One”. Log in. Enter the verification code. So this would be 2YKL. 2YKL. Log in. Activate, start. I’ll skip through all of the different tutorials.

DJI Did Not Require Any Personal Information

So DJI didn’t need any personal information to set up my account. In fact, I didn’t even need to grab my phone and I didn’t even need to go and activate my account. I didn’t need to tap on any sort of activation link – it just works.

Now check this out – information authorization. It wants to access the DJI device GPS info. So that’s the drone. The DJI device hardware info – that’s the drone. And the DJI devices approximate location information. I’ll hit next. I’ll then go and look at the different information that it wants to share here. So this is some stuff for experience improvement. So you guys can go ahead and take a look at this – it shows that it’s going to be sharing hardware info, mobile device info, and usage logs. Now from here, I can join this or I can say “not now”. So if I tap “not now”, it is not going to share any of the information on my device over to DJI’s servers.

Now from here it’s asking me to activate my device. I’ll hit agree. It’s activating. Once that is done now, and we can skip over DJI Refresh – of course we need to do a quick Firmware Update. But from here, after this tutorial, I can swipe down. I can turn off Wi-Fi – come on, I can turn off Wi-Fi. And I can now never connect to the internet ever again and continue to fly the Mini 4 Pro.

So when I’m out here, that means all I need to do is turn on my controller, turn on the drone, allow it to establish its GPS connection, and without Wi-Fi, I can prime my motors and I can start flying without an issue.

The Truth About DJI's Data Security 5

The cool thing about DJI’s drones is they have three different controllers to choose from to kind of tailor your experience. So you’ve got the RCN2, which is their standard issue controller that allows you to use your smartphone to connect to the controller and be used as a screen to interact with and fly your drone. You’ve also got the RC2, which is the controller that I just used to set up that Mini 4 Pro – this allows you to use the built-in screen and never connect Wi-Fi when you fly your drone. And you’ve also got the RC Pro, which is kind of like the RC2, but it’s just a much more upgraded version – it’s more premium with better specs, and still allows you to fly offline no matter what.

The Truth About DJI's Data Security 6

This is also true with DJI’s enterprise drones – they all have controllers that have built-in screens. In fact, none of them allow you to actually connect your smartphone to fly the drone. So that means that you can fly all of these drones completely offline if you’re worried about data transmission.

The Truth About DJI's Data Security 7

Interview with Adam Welsh from DJI

Billy: Adam, so thanks so much for joining us again here for a second time. If you guys haven’t seen, we already did a full interview with Adam – it’s its own separate video. I’ll leave that link up in the top corner and down in the description. But Adam, for those that may have not seen that interview yet, can you give us a quick understanding of who you are and what you do at DJI?

Adam: Sure, Billy. So my name is Adam Welsh. I head the policy and government relations team at DJI, which means that I do everything from working with national aviation regulators on where people can fly drones and try to enable more advanced operations, through the dealing with Data Security issues and cybersecurity.

The Truth About DJI's Data Security 8

Billy: Cool. So your job has probably been fairly busy as of recent. Um, we just – to catch you up with this video here – we set up a Mini 4 Pro from scratch. So we actually went, created a brand new account, kind of showed people what it’s like to buy one of your drones, what information you need to give to actually set up, you know, an account with you guys and set up a drone. And then we showed that you actually don’t even need an internet connection to fly. Like once you set your drone up, you can pretty much live offline, fly your drone, and update the firmware as you need on a, you know, basis of whether or not you think it’s worth it or not. So quickly, why don’t you give us an understanding of how DJI handles the data that you actually have, that you actually get from customers?

Adam: Sure. So in effect, like, our starting tenet is that your data just is not our business, right? We make – we make money from selling hardware. And so we set up everything so that data is completely within your control. So as you point out, during the setup process, you have to opt in to share things like flight logs, or if you fly a consumer product, you also have the option to log into SkyPixel and share videos and images there. But that’s not even an option for our enterprise users. So that’s our starting point – opting in to share, not automatically taking the data.

The second point, as you point out, is that we – for people who are flying really sensitive missions – we enable what we call “local data mode”. Now that means that the drone is not connected to the internet at all.

With enterprise products, you can also download firmware and maps offline, so that drone can literally stay hermetically sealed off from the internet throughout its duration, right? You activate it once, and then from then on, you can operate it completely offline.

So in effect, it’s like an air-gapped computer, right? It never connects to the internet. So our starting point really is that that we don’t need your data. If you wanted to share it with us, there’s ways to opt in to share it. But in effect, we’re not taking data just just for any profit or anything else.

Billy: Sure. That makes sense. It sounds like a model kind of like Apple, right? Like, they sell hardware, they really don’t benefit from collecting data. In fact, Apple is huge on privacy. So it kind of sounds like you’re in that similar boat where you’re making hardware for people to use, and that data is something that you just have no interest in collecting or sharing. So I think that that is perfect.

Now let’s talk about Trust Center. That’s probably the main reason why I wanted to have you here in this video. It’s something new that you guys have introduced. Actually, personally, I haven’t done too much digging as of late or as of recent on this new system you guys have put together. So can you give us a quick understanding of what TRUST Center is and maybe who would benefit from using it?

Adam: Yeah, absolutely. So I mean, we’ve done a lot on data security since 2017, right? We’ve done an enormous amount to harden our products in terms of just the hardware side of things, but also through all the settings that we just went through. And we just want to make sure that there’s a one-stop place that anybody can go to to figure out how their drone works and how it handles data, and what the privacy settings are.

And so if you go to the DJI Trust Center, in effect, it has tabs for consumer and for enterprise products where you can look through the different settings on either of those two categories. It has our data security white paper, which is really a deep dive for anybody that wants to go more technically into the depths of how we handle data security.

It has links to our audit reports on data security that have been done by private sector third-party firms, but also by government agencies such as Idaho National Labs when they did a study for Department of Homeland Security, and also the US Department of Interior study.

And of course, it links to our bug bounty program, where we encourage people – if they find any flaws in our data security – to work with us in a constructive manner and reward them. And then, you know, contact information for anybody if they want to go even further and have a conversation about our data security.

Billy: Awesome. And I think just to kind of hammer home something, right? You have these third-party companies and data centers auditing DJI’s hardware, auditing their software, and they found nothing, right?

Adam: Yeah, exactly. Like, there’s no data transfer back to China, right? So like, that – the key – the key allegation against us is in some way we’re taking data and using it to – to send to China. That’s just not true. If people do decide to share data with us, it’s shared on – it’s – it’s stored on servers in the United States.

Billy: That makes sense. Now I guess that’s kind of why we have it here, right? That’s why we’re actually making this video, is because of the allegations against DJI and of course the pending bill here in the United States that would ban people from using DJI drones. So could you give us, I guess like, a quick updated timeline on what’s going on right now, what people can expect, you know, who might be thinking about buying a DJI drone or who might be using one right now? And then also, could you give us like some understanding of what we as drone pilots can do to continue to have the freedom of choosing what we want to use when we want to use it?

Adam: This is a really critical moment. The Senate is actually about to mark up its version of the National Defense Authorization Act on June 12th. And so the National Defense Authorization Act is something that has to pass every year to fund the US military, but it also is a bill that a number of amendments get attached to because it’s a must-pass piece of legislation.

And there’s an effort to add the Countering CCP Drones Act to that legislation. Now that act, if it passed, would actually prevent us from launching new products in the US market. And so it really is a – a massive nuclear option. There’s even a way it could be interpreted to actually be retroactive as well and impact existing products in the market. But, you know, this is really something that we need people to take action on. And so it – it impacts – it impacts everybody, by the way. It’s not just government and business, it would also impact the consumer market as well.

Billy: Sure. Now you – you spoke about taking action. So what can we do, right? Like what – as you know, for me myself as a drone pilot, and maybe my other friends who are in law enforcement or who are just everyday drone flyers that like to do it for fun or for business – what can they do to help stop this act and to make sure that we can continue to use these drones?

Adam: I’d strongly advocate for people to go to the Drone Advocacy Alliance. That’s a basically an organization that’s been set up by software providers that write software for drones, training organizations, and drone service providers, and many others to really come together to try and get their voice heard on the hill. But also to allow end users – whether they’re recreational or business users – make their voice heard as well. And so if you go to the Drone Advocacy Alliance website, it will give you more information on the Countering CCP Drones Act, but it will also give you a very quick and easy way to email or call your representative or senator, in this case, to actually get your point across.

Billy: Awesome. And hey look, I’m going to leave a link to that down in the description below. So if you guys want to check it out, be sure to click on that, check out all the information on there, and find out how you can take action. Adam, before we go, do you have anything else to mention?

Adam: Yeah, just that this is really like the – the time to make your voice heard. I know from seeing some people on social media, they feel maybe a little bit despondent sometimes or wonder if it’s actually worth reaching out to their senator, and it absolutely is. These people work for you, right? You pay their salary, you elect them, and so send the email – that’s great. If you can make the phone call, that’s even more impactful. If you know your senator, even better – try to do a face-to-face meeting or a video call to try and get your point across.

But for most of our users, an email or a phone call is going to be the easiest option. If they do that, please make sure that you put your point forward as your point, right? Explain how this would impact your business or your hobby, and do it in, you know, a diplomatic way. There’s real high passions over this issue. We’ve got a lot of great end users and customers who are very, very passionate about this, but we need to express ourselves in a diplomatic and professional manner because that’s the best way to get our point across.

But if I can leave people with one final thought, it’s just – this is the time to take action. If this gets through the Senate Armed Services Committee, then it’s going to be much, much harder for us to defeat this. And it really is coming up on June 12th, so now is the time.

Billy: Perfect. Well look, I couldn’t have said it any better. That’s why I had you on here. And I know personally that I’d be impacted by this, because it’s all I do – all I do is fly drones each and every day for the clients that I service. And I just don’t think I’d be able to do it without anything other than a DJI drone. So this is something that is near and dear to my heart as well. So Adam, thank you so much for jumping on here with me and giving us the facts we need to know. And again guys, if you want to get involved, be sure to check out the link down in the description.

Adam: Thanks Billy, I really appreciate it.

Conclusion

So if DJI isn’t transmitting any data back to China and if they require little to no personal information from you to actually set up an account and when you actually fly your drone, then what’s the big deal here?

Well, if you want my personal opinion – it’s these companies that can’t compete with the top dog trying to put DJI out by any means possible. And now they’re trying to go and legislate them out of the United States so that they can regain market dominance here in the United States. And that is really point blank what is going on right now.

READ MORE: BLUE SUAS PROBLEMS AND FLORIDA DMS SECRETARY ACCUSED OF PIMPING FOR SKYDIO

DJI exiting the drone market in the United States is bad for the industry as a whole. We set them as kind of like the gold standard so that drones can be manufactured to meet what DJI puts out on the market. If we didn’t have their drones, then we have a lower bar to reach for drone manufacturers to come in and give us stuff that we really aren’t going to use because it is not as good.

So if you guys want to take action, please remember to click on the link down below. This is a very pivotal moment right here for the drone industry. And if you have any questions, of course leave them down below in the comment section.

The Truth About DJI's Data Security 9

Thank you guys so much for watching and as always, I’ll talk to you later. Peace.


Discover more from DroneXL

Subscribe to get the latest posts to your email.

You May Also Like

More From Author

+ There are no comments

Add yours