Groups of researchers are raising concerns over the security and trustworthiness of an Android app that lets users control drones called DJI Go 4, which currently has at least a million downloads.
The issue boils down to the said applications covert means of gathering sensitive user data as well as having the means for its developer to execute code arbitrarily.
Made by the world’s largest commercial drone maker, DJI, the Android app collects flight data and near real-time videos.
Until only recently, it appears that DJI Go 4 has indeed been secretly gathering data from its wide user base and are being funneled to servers based in China. Worse still is the fact that the aforementioned app is also said to “spy” on its users.
While the Google Play Store shows a total number of downloads to around a million, the real numbers can be as high as 5 million, considering the platform’s rather inaccurate—or rather misleading—representation of the parameter.
In its defense, DJI responded to the allegation citing that the stated feature were being used for “legitimate purposes” or were “unilaterally removed and weren’t used maliciously.”
Via: The New York Times