DJI’s Go 4 Android app found to have significant spyware capabilities, possibly unused

In my comments to the FAA regarding their NPRM to require mandatory Remote ID and data logging into cloud-based databases, I pointed out that the FAA was establishing a nationwide aerial surveillance network. This finding appears to validate my comments to the FAA:

According to the reports, the suspicious behaviors include:

The ability to download and install any application of the developers’ choice through either a self-update feature or a dedicated installer in a software development kit provided by China-based social media platform Weibo. Both features could download code outside of Play, in violation of Google’s terms.

A recently removed component that collected a wealth of phone data including IMEI, IMSI, carrier name, SIM serial Number, SD card information, OS language, kernel version, screen size and brightness, wireless network name, address and MAC, and Bluetooth addresses. These details and more were sent to MobTech, maker of a software developer kit used until the most recent release of the app.

Automatic restarts whenever a user swiped the app to close it. The restarts cause the app to run in the background and continue to make network requests.

Advanced obfuscation techniques that make third-party analysis of the app time-consuming.

Source: Chinese-made drone app in Google Play spooks security researchers | Ars Technica

DJI admits the software has these capabilities with this doublespeak:

DJI officials said the researchers found “hypothetical vulnerabilities” and that neither report provided any evidence that they were ever exploited.

The FAA said they processed all 50,000+ public comments received in regard to their NPRM on Remote ID in just 60 days and are now full speed ahead on implementing their final rule, to be released in December of 2020. My expectation is the FAA will ignore most public input and will ram this rule through at all costs, as they were bought off by AmazonGoogleUPS. While the rule will not ban drones, it is likely to make flying a personal drone expensive and difficult, with mandatory real-time tracking and logging into cloud databases of every flight – in other words, a potentially de facto ban on most personal flying. Their proposed rules, in fact, do call for the eventual banning of all homemade radio-controlled airplanes – a large hobby that has existed safely for over 90 years.

The FAA, like most government agencies now, acts as an authoritarian tyrant.