DJI update will remove plugins which shared user data sans permission

According to DJI, a third party company collected and gathered intel about drone users sans their permission. They were kept in the blind about such an activity happening. And it seems that it is now revoking the plugin’s access in a new software update.

The company came forward and clarified in a blog post stating that a third party plugin namely Jspot was employed in its DJI GO and DJI GO 4 apps designed for Android. This was done to aid the process of serving push notifications when any video files were uploaded to DJI’s SkyPixel video sharing platform.
DJI says that the app ended up gathering information and personal data which also included a list of the app installed on the user’s Android device.

The company says that it has revoked the Jspot’s access when it was found that such an act was happening. They have also worked to remove the “hot-patching” plugins jsPatch for iOS and Tinker for Android. These let the drone update the elements within their drone apps without having to update the entire app. With this, The DJI launched an educational program for developers to aim towards a hard and tough code review/testing process along with a bug bounty program which will pay the users up to $30,000, if they are able to identify any exploits. Seems like an interesting program, right readers?

This step means that DJI is taking users’ data extortion concern very seriously and gravely, especially when it can be traced back to the DJI’s own company-issued apps and any random downloads from the PlayStore. The update will come today after the DJI adds a local mode to all its drones for users with the aim to fly them in private and without transmitting any personal data over the technology of the internet. Well, it is fair enough, after all. Who wouldn’t want their privacy to be exploited and be accessible to anyone with an internet connection?

It is a good thing that an immediate step was taken to cease anymore damage to happen. The concerns of vulnerable users have been put to rest and assured that nothing like this would take place in future. I would say, that this is such a nice and appreciative way to treat their customers, without getting defensive, they admit their mistake and took the lead. Cheers to that!

If you have any doubts or query, please do mention them in the comment box down below or punch us an email. Happy reading!