News Categories

DJI removes plugins that collect too much user data from its GO and GO 4 apps

By Ian Chee - on 29 Aug 2017, 3:45pm

DJI removes plugins that collect too much user data from its GO and GO 4 apps

DJI has previously been plagued with issues of security, and now with the latest news being the company’s mobile apps collecting too much user data, the drone maker is caught between a metaphorical rock and a hard place.

A screenshot from the DJI GO 4 app from our review of the DJI Spark.

The company claims that a third-party company collected data about drone users without their permission, and is now revoking access of the plugin called JPush with a new software update. The plugin was used in the DJI GO and GO 4 apps, and was supposed to help serve push notifications when you used them to upload videos to the SkyPixel platform. It doesn’t need a lot of data, but it ended up collecting excessive amounts anyway, including personal data like apps installed on your Android device.

At the same time, DJI is also removing “hot-patching” plugins jsPatch (iOS) and Tinker (Android) of the DJI Go and GO 4 apps, which updated elements within the apps without updating the whole thing. All the removal is done via an update to the apps, which should have already gone live. DJI is also having an internal educational program for developers, a more rigorous code review and testing process, and a bug bounty program that will pay up to US$30,000 (~RM127,944) for identifying exploits.

This looks like a pretty tough balancing act, having to add features so that DJI is not seen as a company that’s slack on security, and removing those that collect more data than is needed. That said, we can definitely appreciate that DJI is proactively removing features that are collecting unnecessary private data, instead of waiting to be called out like AccuWeather.

Source: DJI via The Verge.