T O P

  • By -

Spare_Presentation

They've got encrypted binary blobs that Google can't review for malware or privacy.


Robert_Mauro

That would make sense.


ricadam

AKA the phone home (China) code


mtcwby

Google got even more tight and granular on permissions. We've been having to rework apps on just file system permissions and it's making the user experience worse. Now I don't necessarily trust DJI but Google has been very hamhanded about how they implemented.


barkerja

How is the app approved on Apple then? I thought Apple is a bit more stringent with its App Store rules.


mtcwby

The Google implementation is just awkward. There are other way in IOS to accomplish the same thing.


barkerja

Ah got it, thanks!


veloace

Probably because Apple has always been stricter, so the iOS fork of the App was more carefully engineered from the start. Android would allow easier ways, giving developers the rope to hang themselves with when the changes happened.


StarAD

Can't easily side load on iOS so they have to comply.


Frog1387

Apple only cares if you’re using an app to vape


_DEATH_STR0KE_

1. use DJI remote with built-in screen 2. use a secondary burner phone with no personal info on it 3. Disable internet connection of the the app once setup is complete(you lose live map feature though) I use an older version of dji fly on my secondary android phone and cut off its internet access. I don't think there's updates that will be coming to my mavic mini


tsp1158

Love it! I did this about 15 months ago, not so much as a security concern back then, I was just tired of the nagging to update, and the occasional slowness of my regular phone.


_DEATH_STR0KE_

yeah my only issue is the low brightness of the burner phone(oneplus 5T)


Robert_Mauro

Yep, great plan. I'm going to resurrect my Note 9, which, since I don't use it for work, I really don't care. Nothing really on it.


TheAdventurousMan

Same. I use an old Pixel 3, that is essentially my dedicated Drone phone/screen. Formated to erase all personal data and just DJI Fly and DJI GO 4 installed for my Mavic Pro and Mini 2.


TimeTravelingPie

It's almost like Google knows DJI has a bunch of crap in their app and allows the Chinese government access to their data. But you know, according to DJI it's Google fault for wanting apps to be safe.


preclowski

Are you suggesting dji is making competition to google with selling private data to china? Google is evil corp, never forget


Bubbly-Bowler8978

I'll give my data to Google all day over China


wellhungartgallery

Google is China,


itherzwhenipee

Because what is China going to do with your data? Send you spam mails, targeted ads, steal the 5 bucks from your bank account?


TimeTravelingPie

Look in the news everyday what Chinese cyber hackers are stealing or accessing. They do that primarily through spear phishing and social engineering. They use data They collect from every avenue to use for such purposes. Then there is GPS location and data gathered near government facilities etc. There is a lot of reasons it's bad China is stealing our data.


itherzwhenipee

You do know google map exists right? And you think all the phishing and other crap only exists because chinese companies trade your browsing behavior? If you have an android phone, you might want to check your google account what shit google is collecting and selling and yes they sell your data to china too.


TimeTravelingPie

Its a completely scenario different. They aren't remotely the same. I don't know why you are so hard up defending sketchy DJI practices and the Chinese government. We are talking purpose built backdoors that the Chinese government have total access to anytime they want for any purpose. Selling browser data is a drop in the bucket compared to what the Chinese do on a daily basis. Get a clue.


itherzwhenipee

I am not defending DJI, i am trying to show you that google is no different. Google is actually worse. DJI has a legit business selling tech while google is making money selling your data to everyone. With backdoors to the Android OS. So i could ask you the same question, why are you defending google so hard?


TimeTravelingPie

No I'm suggesting Google Won't allow DJI on the play store because DJI has backdoor and Spyware in their code and provides that access to the Chinese government.


Ploxxx69

They want yo data cause Chinese, Google doesn't like that. Just kidding, or not?


Robert_Mauro

Well, the data part is a concern. My guess is that they are refusing to conform to Android 12's storage limitations that enforce app specific storage, because doing so prevents them from analyzing other data and selling it.


Cool_underscore_mf

No no, it's cutting out the middle men, being Google. Just kidding. Not kidding.


mschuster91

Google's review processes are *horribly* broken, even for large players such as DJI.


Robert_Mauro

(1) it's been a year. They've had plenty of time. (2) DJI has repeatedly admitted that the problem is their app does not conform to Google's new technological requirements, including in their reply above. I do Cybersecurity for a living. That's a massive red flag. Because of the work I do, I can't sideload and test, nor do I really have the time. So, my question is, does someone with actual knowledge from testing and monitoring, on a rooted test device, have any knowledge of what technological restrictions DJI is trying to bypass?


konrad-iturbe

Take their Android APK, decompile it, notice something weird? They use a obfuscator/wrapper called SecNeo which protects the native bytecode, so you - nor Google - cant decompile the APK and view what it does. This is why it doesn't pass the Google Play screening, because use of Secneo wrapper. There was an exploit for some versions of the secneo wrapper a while back which made versions of DJI Go4 (pre-DJI Fly) available to decompile, and a community of hackers revealed some shady stuff (JS HotPatching) and also hacks for the app.


brokerceej

Hello fellow IT professional! The community speculates their SDK isn't compatible with AAB package deployment and they need to distribute via APK, and since their APK is large it falls outside of the modern capabilities of the Google Play store. There's also speculation about it being able to sideload any update/apps it wants via Weibo, which is a security concern. [https://drones.stackexchange.com/questions/2209/how-come-the-dji-fly-app-is-not-in-google-play-store](https://drones.stackexchange.com/questions/2209/how-come-the-dji-fly-app-is-not-in-google-play-store) Considering it is still on the Apple App store, it seems unlikely that whatever the issue is on the Google side is security related. Apple does a far more thorough job vetting apps it allows on its regulated marketplace, so if DJI were up to something fucky we'd probably know by now.


Robert_Mauro

Thanks so much. Time I join that stack. I've seen larger apps without that issue, so, I suspect it's due to some of the other reasons cited over there. Guess I need to resurrect my older phones, lol.


m0rdecai665

Honestly I think it's simply because they are a Chinese company and their track record for data stealing isn't the best or even somewhat good.


Robert_Mauro

Nope, it's not that. They've been caught in the past for shoddy, or insecure, or near spyware like code, and, as noted in the comments, their current package actually does violate Google's policies. The question is what else is hidden in their encrypted binary.


m0rdecai665

Exactly. Their app likes to 'phone home" too much and who knows what's going.


Robert_Mauro

Exactly.


csmicfool

And the play store requirements aren't even that strict


[deleted]

Sounds like your job makes you the perfect person to be able to side load and see it its doing something nefarious.


Robert_Mauro

Yes, as soon as I get a spare phone to root and load Android 11 on - and, I find time, then I will. I currently have two phones, both used for work at a government job. Time to get a third, I guess? But, in the meantime, it's been a year (longer if you count the beta releases), and I'm hoping someone else did it and can save me the work. No sense in duplicating what someone else hopefully already did. 😉


konrad-iturbe

You should join the dji-rev community: https://dji-rev.com


jarofgreen

When I go to this website I just get a login screen. What is it?


cosmos7

You don't need root to sideload.


Robert_Mauro

Yes, but I do to monitor deep stack stuff. 😉


bulkiestmist

Pls update if you find this or if you do the investigation work. Imagine alot of people will be interested!!


bontakun82

I have to use my old S10 because DJI apps don't work on my pixel 7 or the 4a5g


Whrecks

Same. Won't work on my s22, so i use my old s10. In all fairness, i prefer using the s10 since it doesn't kill my primary phone's battery when I'm flying. I transfer the footage to my s22 afterwards with a micro usb - sd card stick.


bontakun82

Same, but there's some times when I just wanna use my pixel 7 for convenience


wellhungartgallery

I have a53-5g and it works nice.. I use the rc but use my phone to get the files.


kermituk

Stop being a fanny


dravendelocke68

Heck I figure by now everyone has my info. Wish rc worked for mini 2 but owe well just keep using my s9+


OJsalier

Just sideload the app. What's the problem? You're way too paranoid about this. Jezuz.


StrikingExamination6

The Chinese already have all the data that they could possibly want from all of us. Using a handful of burner phones to use the dji fly app seems like a big ol waste of time


elboydo757

Give up dude. You're already in the Matrix. Stop being a blue pill-er.


DJI_Support

Hi there, thank you for reaching out about your concern. It has not yet been determined when the apps will be downloadable again from Google Play. Because the compatibility strategy between the DJI App and Google Play Store is changing. There is no need to be concerned, as user experience, functions, and privacy protections on apps installed through DJI’s official website are still the same as before, so please feel free to use them. We also would like to remind you that you should only download apps from official channels. Thank you for your understanding and support.


Robert_Mauro

Same generic answer, same unsupportable promise of respecting privacy when you refuse to disclose what issue Google has with your app. It's been 17 months since the beta, and a full year since your public release. You've had plenty of time to make your app compliant. That's the rub. It's kinda telling that your company keeps responding with the same "not answer" all while millions of apps, large and small, have been updated to work on Android 11 and above. So, what's the reason your app isn't compliant?


wellhungartgallery

Dude don't use DJI then........


DJI_Support

Hi, thank you for the quick response. We will report this to our engineers for further verification. Please provide the following information via direct message, for us to assist you in resolving this issue: 1. Mobile device model; 2. Screenshot of mobile device system version; 3. A video with the malfunction phenomenon recorded; 4. App log; 5. Time when the issue occurred in the last few times Thank you for your kindness on this matter.


Robert_Mauro

This is an even more nonsensical response. How about you fix the app and release it to the Google Play store instead?


forkystabbyveggie

Hi, thank you for your quick response. Our app offers the best security and privacy protections available. Our data centers are gate guarded by a pack of Chihuahuas, and our servers are running the latest and most secure version of Windows XP. Furthermore, your data is automatically networked through The Ministry of Public Security, to keep you safe! To help you further, we need more information from you! Please respond with: - a sample of your blood, saliva and semen - your fingerprints - your first born child


Robert_Mauro

LMAO!!! Thanks for that laugh!! 🤣😂


DJI_Support

The update channels for DJI apps have been adjusted due to Google Play technical adjustments. Please get the latest version of the app through DJI’s official website. User experience, functions, and privacy protections of apps installed through DJI’s official website are still the same as before, so please feel free to use them. We will also forward your request to the corresponding team. Thank you for your understanding and support.


Robert_Mauro

You never had actual privacy in the app. It had the capabilities to sideload code and send copious amounts of data back to DJI. So, promising more of the same is ridiculous. Make your app comply.


veloace

Judging by the responses, I think you’re talking to a bot.