Security News > 2020 > July > Chinese Drone Giant DJI Responds to Disclosure of Android App Security Issues

Chinese Drone Giant DJI Responds to Disclosure of Android App Security Issues
2020-07-24 11:56

Chinese drone giant Da Jiang Innovations on Thursday responded to the disclosure of security issues discovered by researchers in one of its Android applications.

DJI has always denied these accusations and it has pointed to analysis conducted by the U.S. Department of Homeland Security and Booz Allen Hamilton, which shows that there is no evidence the company's government and professional drones send user data to DJI, China or other third parties.

Researchers said the DJI GO 4 Android app uses anti-debugging mechanisms, obfuscation, dynamic encryption and packing, pointing out that they are similar to the anti-analysis techniques often leveraged by malware.

"Given the wide permissions required by DJI GO 4, the DJI or Weibo Chinese servers have almost full control over the user's phone. This way of updating an Android App or pushing a new app completely circumvents Google feature module delivery or in-app updates. Google is not able then to do any verification on updates and modifications pushed by DJI," Synacktiv said.

"When our systems detect that a DJI app is not the official version - for example, if it has been modified to remove critical flight safety features like geofencing or altitude restrictions - we notify the user and require them to download the most recent official version of the app from our website. In future versions, users will also be able to download the official version from Google Play if it is available in their country. If users do not consent to doing so, their unauthorized version of the app will be disabled for safety reasons," DJI explained.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/OBhDNT2NQgY/chinese-drone-giant-dji-responds-disclosure-android-app-security-issues