Affiliate links on Android Authority may earn us a commission.Learn more.
Researchers find glaring security and privacy issues with DJI app (Updated)
August 15, 2025
Update: July 20, 2025 at 5:30 PM ET:We have more to say! Our resident drone guru Jonathan Feist weighed in on the DJI-security story over on our sister website,Drone Rush. Be sure to read the full article for more informationat dronerush.com.
Spoiler alert: Things aren’t as bad as they sound.
Original article: August 25, 2025 at 1 PM ET:One of the most populardrone appson the Google Play Store includes some worrying backend features, according to two independent reports caught byArs Technica. After reverse-engineering theDJI Go 4 app, security firmsSynacktivandGrimmfound that the software at best violates Google’s Play Store policies, and at worst, could have been used to spy on the company’s users. DJI is one of the world’s largest and most successful commercialdronemanufacturers. Based on publicly availablePlay Store metrics, the DJI Go 4 app has at least 1 million installs and as many as 5 million.
One of the more suspicious aspects of the app is that it can install any application on the user’s device through either a self-update feature or a dedicated installer provided by China’s Weibo social media giant. Both could download code from outside of the Play Store, an aspect of their design that directly violates Google’spolicies.
Additionally, a previous version of the app included a component that collected and sent various sensitive data to MobTech, an SDK developer based in mainland China. Some of the information the feature had access to was the phone’s IMEI, SIM serial number, SD card information, Bluetooth addresses, and more. DJI removed that functionality with the most recent release of the DJI Go 4 app.
Also read:The best drones you can buy
Lastly, the researchers allege the app can automatically restart any time you swipe up to close it, allowing it to continue running in the background and make network requests.
Our friends over atDrone Rushdiscussed some of this recently, see whataccusations were levied against DJIbefore.
A spokesperson for DJI toldArs Technicawhat the researchers found were “hypothetical vulnerabilities” while providing no evidence that they were ever exploited.
“The app update function described in these reports serves the very important safety goal of mitigating the use of hacked apps that seek to override our geofencing or altitude limitation features,” a spokesperson for the company said. Geofencing is a software feature authorities like theFederal Aviation Administration(FAA) mandate to prevent people from flying their drones intorestricted airspace. DJI subsequently published a moreextensive statementin which it attempts to address many of the concerns brought up by the reports. We urge you to read that full statement before getting too concerned.
Most notably, the company claims its app doesn’t restart without input from users. “We have not been able to replicate this behavior in our tests so far,” DJI said. It also stated it recently removed the MobTech and Bugly components the app previously featured after an earlier report found issues with those SDKs.
Google, for its part, said it’s looking into the reports.
The issue here is multifaceted. One major problem is software companies frequently don’t do a thorough enough job of vetting the SDKs they leverage to develop their apps. For instance, Facebook recentlyfiled a federal lawsuitagainst a company that developed an SDK that potentially compromised the data of 9.5 million users. The open nature of Android and Google’s frequent automation of most vetting procedures means apps that skirt the company’s Play Store policies can easily slip through the cracks.
Related:How to protect your privacy using Android
If you own a DJI drone and worry about your privacy, your best course of action is to uninstall the DJI Go 4 app until Google completes its investigation. If Google finds anything alarming, we will be sure to update this article with the details you need to know.
Thank you for being part of our community. Read ourComment Policybefore posting.
