DJI Statement On Further Misleading Claims About App Security

Today’s report from the Synacktiv digital security firm about DJI software includes further inaccuracies and misleading statements about how our products work, following similar reports from them last week. We want to make clear that DJI’s products protect user data; that DJI, like most software companies, continually updates products as real and perceived vulnerabilities come to light; and that there is no evidence that any of the hypothetical vulnerabilities reported by Synacktiv have ever been exploited. In this post, we address Synacktiv’s new report.

Synacktiv’s False Claim Concerning Weibo SDK

The DJI Pilot app for Android available from both the DJI website and the Google Play store do not integrate a software development kit (SDK) to connect with Weibo. This claim by Synacktiv is false. In fact, no versions of the DJI Pilot app have any function for users to share data to Weibo.

Synacktiv’s Misleading Claims Concerning DJI Pilot Auto-Updates

The DJI Pilot app for Android that is available on the Google Play store only updates to official versions downloaded from the Google Play store. The user is prompted to update in a pop-up window, and the app will not update unless the user agrees. For customers who operate our products in countries where the Google Play store is not available, the app and app updates are made available on our website. The headline, summary, and first half of Synacktiv’s report are intentionally misleading because they fail to note that this mechanism is limited to the website version of the DJI Pilot app only, and does not affect anyone who obtains the DJI Pilot app from the Google Play store.

Synacktiv’s Incomplete Understanding of DJI’s Geofencing System

The DJI Pilot app includes a feature called Local Data Mode that allows the user to sever the connection to the internet as soon as the setting is turned on in the app. In addition to enhancing data security assurance, this feature blocks the drone’s ability to update flight safety restrictions and blocks the user’s ability to “unlock” some geofenced areas. However, Synacktiv appears to misunderstand the function of DJI’s geofencing safety system and the many other available methods for customers to unlock. For example, government agencies can participate in our Qualified Entities Program which unlocks the entire region they request, with no need to connect to the internet after initial activation. Also, our Government Edition drones have no geofencing at all. DJI users understand these limitations and plan ahead for when and how to unlock geofencing flight restrictions, if needed. 

As with automatic updates, these features are implemented for purposes that benefit the public by enhancing airspace safety during the use of our products. The important safety role of geofencing has been recognized by the U.S. Federal Aviation Administration’s (FAA) Drone Advisory Committee; the Airports International Council-North America and Association for Unmanned Vehicle Systems International joint Blue Ribbon Task Force on Airport Mitigation; and the FAA-industry joint Unmanned Aircraft Safety Team. No other company has done as much as DJI to proactively enhance the safety of drone operations. We are dismayed that safety features have again been misunderstood and misconstrued as hypothetical security threats by researchers who are evidently unfamiliar with the operation of drone technology.

DJI Immediately Remediated The Prior Reported Issues

While Synacktiv’s exaggerated and misleading initial report on security was cited in the New York Times, a serious examination of their work shows it falls short. DJI promptly updated the DJI GO 4 Android app July 31 to address the earlier hypothetical concerns Synacktiv noted about the DJI GO 4 app, removing the Weibo SDK and directing automatic safety-related updates to the Google Play store rather than our website.

DJI remains the only drone manufacturer to have its products successfully evaluated in publicly-available reports by multiple independent government and private institutions. DJI also remains the only drone manufacturer to have created a Bug Bounty Program to actively solicit responsible disclosure of security vulnerabilities and pays rewards to the researchers who find them.

For further details on DJI’s robust security protections, please refer to our response to the original allegations at this link: https://www.dji.com/ie/newsroom/news/dji-statement-on-recent-reports-from-security-researchers

Get Ready To Up Your Creative Game With The New DJI Mavic Air 2

Get Ready To Up Your Creative Game With The New DJI Mavic Air 2

Reimagining The Experience Of Aerial Creativity, Mavic Air 2 Is The Smartest, Safest And Easiest-To-Fly Consumer Drone to Date

DJI, the global leader in civilian drones and aerial imaging technology, today ushers in a new era of aerial creativity with the Mavic Air 2 drone, combining high-grade imaging, intuitive yet advanced flight performance and revolutionary smart and safe technology in the best all-around drone we’ve ever made.

Created to make capturing unique, high-quality content from the air simple, fun, and safe, Mavic Air 2 offers flagship capabilities in a compact and easy to use folding drone that features 8K functionality. A larger 1/2” camera sensor offers high-resolution photos and videos to make content stand out, while advanced programmed flight modes, intelligent features and imaging technology make capturing professional-looking content effortless. Pilots can now stay in the sky longer with an enhanced maximum flight time, capture vivid imagery with completely revamped autonomous capabilities, and wholly transform their content with in-app editing features.

“Mavic Air 2 is another milestone for DJI, demonstrating that our smartest consumer drone does not have to be the largest,” said DJI President Roger Luo. “While the Mavic Air 2 bears all the hallmarks of the Mavic drone family, we had to completely rethink its design and development process. Our goal was to create a drone that offered the best overall experience possible to even the most novice pilot. We hope our drones can help boost creativity and become a fun yet educational experience that can be enjoyed, even at this unprecedented moment in history.”

Robust Imaging Capabilities for Every Type of Creator

The new Mavic Air 2 reimagines how quality content can be captured in a portable, folding drone. No matter the skill level of the pilot, Mavic Air 2’s features and technology are sure to appeal to every creative visionary. Mavic Air 2 is the first drone in the Mavic series to offer 4K video at 60 fps and 120 Mbps. Additionally, users can record unique content using HDR video[1], 4X Slow Motion in 1080p at 120 fps or 8X Slow Motion in 1080p at 240 fps. Pilots can record 12-megapixel[2] images or choose a new high-resolution 48-megapixel feature that photographs in stunning detail, while a mechanical 3-axis gimbal helps compensate for camera shake to create smooth and stable footage, even in unpredictable scenarios. Taking full advantage of the large Quad Bayer 1/2″ sensor, the Mavic Air 2 is the perfect tool to take creativity to the next level with a suite of image capture modes. The newly added SmartPhoto records 12-megapixel photos using advanced scene analysis and deep learning to automatically choose one of three image capture options.  

  • HDR photos: Mavic Air 2 automatically captures seven varying exposures of the same photograph, merging them together to bring out a highly dynamic image.
  • Hyperlight: Hyperlight is designed for low-light scenarios, taking multiple photographs and merging them to bring out a clear image with less of the noise which usually occurs in low-light scenes.
  • Scene Recognition: Mavic Air 2 can recognize five categories of scenes including sunsets, blue skies, grass, snow, and trees, then optimize settings to make the photograph pop by bringing out the highest degree of color, detail, and tones.

Unparalleled Flight Performance

Mavic Air 2 completely rebuilt the basics of drone flight to open up the skies for more exploration for everyone who is passionate about drone technology. Despite only weighing as much as a small water bottle at 570 grams, the Mavic Air 2 features new motors, new electronic speed controllers (ESCs), enhanced battery technology and an aerodynamic design to provide a maximum flight time of up to 34 minutes. DJI’s proprietary OcuSync 2.0 transmission technology has been upgraded to deliver an extremely reliable and stable HD video feed from the drone at a maximum distance of 10km[3]. OcuSync 2.0 supports both 2.4GHz and 5.8GHz frequency bands and uses an auto-switching feature to move between the two based on signal strength, while anti-interference technology blocks unwanted signals to keep the video feed clear.

Setting a New Standard for Drone Safety

Mavic Air 2 is equipped with unprecedented new safety features to help make flying as safe as possible. Obstacle sensors on the front and rear of the drone warn pilots when they’re too close to an object and can also be set to stop the drone from moving any closer to avoid collision. Additional sensors and auxiliary lights on the bottom of Mavic Air 2 assist with several functions including smooth, automatic landing even in difficult lighting. Mavic Air 2 also comes equipped with our GEO geofencing solution to help keep drones away from the highest-risk locations, such as busy airports.

Advanced Pilot Assistance System (APAS) 3.0 brings the next level of autonomous flying to DJI drones. When users enable APAS 3.0, as obstacles come into the drone’s path, Mavic Air 2 will create a new path around, under or over the object to avoid collision, giving pilots the confidence to fly in more complex situations while focusing on capturing their ideal images. Using 3D mapping, the updated version aids in smooth transitions and more fluid movements around objects even in highly complex environments.

In accordance with DJI’s industry-leading 10-point Elevating Safety vision published last year, Mavic Air 2 is also DJI’s first consumer drone designed to include AirSense technology[4], which provides enhanced safety by warning drone pilots of other aircraft nearby. AirSense uses aviation technology known as ADS-B to receive signals from nearby airplanes and helicopters, and displays their location on the drone pilot’s control screen. As these other aircraft approach the drone, AirSense will warn the drone pilot with messages, sounds and vibrations, enhancing the pilot’s awareness and ability to move the drone safely away.

“DJI has an unwavering commitment to enhance drone safety with technology, and Mavic Air 2 implements yet another pioneering safety solution for drone operations,” said DJI Vice President of Policy & Legal Affairs Brendan Schulman. “Our ambitious commitment to installing ADS-B in our new product models means Mavic Air 2 will be the world’s largest single deployment of ADS-B receiver technology, fulfilling and furthering our vision as the industry’s leader on voluntary safety efforts.”

Powerful Intelligent Features

Mavic Air 2 is packed with optimized intelligent features allowing users to quickly and easily record images and video that deserves to be shared with the world. FocusTrack[5] is the most advanced tracking feature on any DJI drone and offers three different capture modes:

  • ActiveTrack 3.0: Select a subject for Mavic Air 2 to automatically follow. The third iteration of ActiveTrack uses state-of-the-art mapping technology and new flight path algorithms to offer improved subject tracking and obstacle avoidance, along with the ability to quickly re-engage the subject if it temporarily moves behind an object.
  • Point of Interest 3.0: Set an automated flight path around a specific subject. The updated iteration improves surface recognition to better dynamically track subjects.
  • Spotlight 2.0: Found in professional DJI drones, Spotlight locks a subject in the frame while the user has free operation of the drone’s movement. 

A Hyperlapse feature brings the visual appeal of timelapse but with the added element of the drone physically moving. For the first time, Hyperlapse can be shot in a max resolution of 8K[6] while pilots can choose four flight modes including Free movement, Circle, CourseLock and WayPoints. Pilots can also choose from several pre-programmed flight maneuvers known as QuickShots, which use a 3-axis mechanical gimbal and electronic image stabilization for unmatched video quality. Simply tap the desired mode and Mavic Air 2 will automatically create stunning, cinematic content. Pilots can choose Rocket, Circle, Dronie, Helix, Boomerang or Asteroid.

Intuitive App, Convenient Editing and a Wealth of Accessories

An updated version of the DJI Fly app adds more advanced functionality for Mavic Air 2 while maintaining its user-friendly navigation. New tutorials get users familiarized with the drone and quickly in the air to start capturing compelling footage. Easy to use in-app editing features make the DJI Fly app a one-stop tool to edit and adjust the footage captured. Mavic Air 2 will be supported by a host of additional useful accessories including a shoulder bag, ND filter sets, propeller guards, protective case, tablet holder for the controller and monitor hood.

Pricing and Availability

The COVID-19 pandemic has introduced new complexities for global shipping and logistics of many products. As a result, the Mavic Air 2 will be initially available for immediate purchase in China today while other regions will begin taking preorders today with an expected ship time of mid-May. Mavic Air 2 will be available in two purchasing options: a standard package which includes Mavic Air 2, one battery, remote controller and all the required wires and cables for $799 USD, and the Fly More option which includes all items from the standard version as well as a shoulder bag, ND filters, charging hub, and 3 batteries for $988 USD. Mavic Air 2 is available for preorder through all authorized retailers as well DJI’s online store: https://store.dji.com/product/mavic-air-2

DJI Care Refresh

DJI Care Refresh is now available for Mavic Air 2. For a small  additional charge, DJI Care Refresh offers comprehensive coverage for incidents such as collision and water damage as well as up to two replacement units within one year. Receive your replacement even sooner with DJI Care Refresh Express. DJI Care Refresh also includes VIP after-sales support and free two-way shipping. For a full list of details and pricing, please visit: https://www.dji.com/ie/service/djicare-refresh

 To learn more about Mavic Air 2, please visit: www.dji.com/ie/mavic-air-2


[1] HDR video is available at a max resolution of 4K 30.

[2] 12-megapixel photos use advanced processing and pixel binning

[3] Mavic Air 2 transmission system has a maximum range of 10 km when unobstructed, free of interference, and FCC compliant. Maximum flight range specification is a proxy for radio link strength and resilience. Always fly your drone within visual line of sight unless otherwise permitted and check local laws and regulations in the region being operated

[4] Due to supply chain shortages related to the coronavirus pandemic, Mavic Air 2 units equipped with AirSense ADS-B will initially only be available in North America. A version of Mavic Air 2 will be available outside of North America without ADS-B. The two models are identical in all other aspects such as flight and imaging performance.

[5] FocusTrack and APAS available in a max video resolution of 4K 30fps, 2.7K 60fps and 1080p 60fps.

[6] 8K HyperLapse can only use flight modes Free mode and Waypoints. 8K and 1080p are available at launch and additional resolutions will be added at a later date.

DJI Statement On Recent Reports From Security Researchers

DJI Statement On Recent Reports From Security Researchers

DJI takes the security of its apps and the privacy of customer data seriously. While these researchers discovered two hypothetical vulnerabilities in one of our recreational apps, nothing in their work is relevant to, or contradicts, the reports from the U.S. Department of Homeland SecurityBooz Allen Hamilton and others that have found no evidence of unexpected data transmission connections from DJI’s apps designed for government and professional customers.

These researchers found typical software concerns, with no evidence they have ever been exploited. The app update function described in these reports serves the very important safety goal of mitigating the use of hacked apps that seek to override our geofencing or altitude limitation features. As the only major drone manufacturer with a Bug Bounty Program, we encourage all researchers to responsibly disclose security concerns about our products at security.dji.com.

We design our systems so DJI customers have full control over how or whether to share their photos, videos and flight logs, and we support the creation of industry standards for drone data security that will provide protection and confidence for all drone users.

We hope these details provide more context to understand these reports:

  • When our systems detect that a DJI app is not the official version – for example, if it has been modified to remove critical flight safety features like geofencing or altitude restrictions – we notify the user and require them to download the most recent official version of the app from our website. In future versions, users will also be able to download the official version from Google Play if it is available in their country. If users do not consent to doing so, their unauthorized (hacked) version of the app will be disabled for safety reasons.
  • Because our recreational customers often want to share their photos and videos with friends and family on social media, DJI integrates our consumer apps with the leading social media sites via their native SDKs. We must direct questions about the security of these SDKs to their respective social media services. However, please note that the SDK is only used when our users proactively turn it on.
  • DJI GO 4 is not able to restart itself without input from the user, and we are investigating why these researchers claim it did so. We have not been able to replicate this behavior in our tests so far.
  • The hypothetical vulnerabilities outlined in these reports are best characterized as potential bugs, which we have proactively tried to identify through our Bug Bounty Program, where security researchers responsibly disclose security issues they discover in exchange for payments of up to $30,000. Since all DJI flight control apps are designed to work in any country, we have been able to improve our software thanks to contributions from researchers all over the world, as seen on this list.
  • The MobTech and Bugly components identified in these reports were previously removed from DJI flight control apps after earlier researchers identified potential security flaws in them. Again, there is no evidence they were ever exploited, and they were not used in DJI’s flight control systems for government and professional customers.
  • The DJI GO4 app is primarily used to control our recreational drone products. DJI’s drone products designed for government agencies do not transmit data to DJI and are compatible only with a non-commercially available version of the DJI Pilot app. The software for these drones is only updated via an offline process, meaning this report is irrelevant to drones intended for sensitive government use. A recent security report from Booz Allen Hamilton audited these systems and found no evidence that the data or information collected by these drones is being transmitted to DJI, China, or any other unexpected party.
  • DJI has long called for the creation of industry standards for drone data security, a process which we hope will continue to provide appropriate protections for drone users with security concerns. If this type of feature, intended to assure safety, is a concern, it should be addressed in objective standards that can be specified by customers. DJI is committed to protecting drone user data, which is why we design our systems so drone users have control of whether they share any data with us. We also are committed to safety, trying to contribute technology solutions to keep the airspace safe.