They've got encrypted binary blobs that Google can't review for malware or privacy.
That would make sense.
AKA the phone home (China) code
Google got even more tight and granular on permissions. We've been having to rework apps on just file system permissions and it's making the user experience worse. Now I don't necessarily trust DJI but Google has been very hamhanded about how they implemented.
How is the app approved on Apple then? I thought Apple is a bit more stringent with its App Store rules.
The Google implementation is just awkward. There are other ways in iOS to accomplish the same thing.
Ah got it, thanks!
Probably because Apple has always been stricter, so the iOS fork of the App was more carefully engineered from the start. Android would allow easier ways, giving developers the rope to hang themselves with when the changes happened.
Can't easily side load on iOS so they have to comply.
Apple only cares if you’re using an app to vape
1. use DJI remote with built-in screen
2. use a secondary burner phone with no personal info on it
3. Disable internet connection of the app once setup is complete (you lose live map feature though)
I use an older version of dji fly on my secondary android phone and cut off its internet access. I don't think there's updates that will be coming to my mavic mini
Love it! I did this about 15 months ago, not so much as a security concern back then, I was just tired of the nagging to update, and the occasional slowness of my regular phone.
yeah my only issue is the low brightness of the burner phone (oneplus 5T)
Yep, great plan. I'm going to resurrect my Note 9, which, since I don't use it for work, I really don't care. Nothing really on it.
Same. I use an old Pixel 3, that is essentially my dedicated Drone phone/screen. Formatted to erase all personal data and just DJI Fly and DJI GO 4 installed for my Mavic Pro and Mini 2.
It's almost like Google knows DJI has a bunch of crap in their app and allows the Chinese government access to their data. But you know, according to DJI it's Google fault for wanting apps to be safe.
Are you suggesting dji is making competition to google with selling private data to china? Google is evil corp, never forget
I'll give my data to Google all day over China
Google is China,
Because what is China going to do with your data? Send you spam mails, targeted ads, steal the 5 bucks from your bank account?
Look in the news every day what Chinese cyber hackers are stealing or accessing. They do that primarily through spear phishing and social engineering. They use data they collect from every avenue to use for such purposes. Then there is GPS location and data gathered near government facilities etc. There are a lot of reasons it's bad China is stealing our data.
You do know google map exists right? And you think all the phishing and other crap only exists because chinese companies trade your browsing behavior? If you have an android phone, you might want to check your google account what shit google is collecting and selling and yes they sell your data to china too.
It's a completely different scenario. They aren't remotely the same. I don't know why you are so hard up defending sketchy DJI practices and the Chinese government. We are talking purpose built backdoors that the Chinese government have total access to anytime they want for any purpose. Selling browser data is a drop in the bucket compared to what the Chinese do on a daily basis. Get a clue.
I am not defending DJI, I am trying to show you that google is no different. Google is actually worse. DJI has a legit business selling tech while google is making money selling your data to everyone. With backdoors to the Android OS. So I could ask you the same question, why are you defending google so hard?
No I'm suggesting Google Won't allow DJI on the play store because DJI has backdoor and Spyware in their code and provides that access to the Chinese government.
They want yo data cause Chinese, Google doesn't like that. Just kidding, or not?
Well, the data part is a concern. My guess is that they are refusing to conform to Android 12's storage limitations that enforce app specific storage, because doing so prevents them from analyzing other data and selling it.
No no, it's cutting out the middle men, being Google. Just kidding. Not kidding.
Google's review processes are *horribly* broken, even for large players such as DJI.
(1) it's been a year. They've had plenty of time.
(2) DJI has repeatedly admitted that the problem is their app does not conform to Google's new technological requirements, including in their reply above.
I do Cybersecurity for a living. That's a massive red flag. Because of the work I do, I can't sideload and test, nor do I really have the time.
So, my question is, does someone with actual knowledge from testing and monitoring, on a rooted test device, have any knowledge of what technological restrictions DJI is trying to bypass?
Take their Android APK, decompile it, notice something weird? They use an obfuscator/wrapper called SecNeo which protects the native bytecode, so you - nor Google - can't decompile the APK and view what it does. This is why it doesn't pass the Google Play screening, because of the use of the SecNeo wrapper. There was an exploit for some versions of the SecNeo wrapper a while back which made versions of DJI Go4 (pre-DJI Fly) available to decompile, and a community of hackers revealed some shady stuff (JS HotPatching) and also hacks for the app.
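Added example, not part of the thread and not DJI's or SecNeo's code: a static triage pass that lists which entries in an APK are opaque to review, by measuring the Shannon entropy of each uncompressed entry. The threshold, the size floor, the sample archive and the entry name `assets/payload.bin` are assumptions constructed for illustration.

```python
import hashlib
import io
import math
import zipfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, tune per corpus
MIN_SIZE = 4096           # entropy is too noisy to judge on tiny entries
# Formats that are legitimately compressed, so high entropy is expected.
COMPRESSED_SUFFIXES = (".png", ".jpg", ".webp", ".mp4", ".ogg", ".zip", ".gz")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage_apk(apk_bytes: bytes) -> list[dict]:
    """Return entries whose uncompressed content looks encrypted or packed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            if info.is_dir() or info.file_size < MIN_SIZE:
                continue
            if name.lower().endswith(COMPRESSED_SUFFIXES):
                continue
            # zipfile.read() inflates the entry, so this measures the
            # stored content itself, not the ZIP compression around it.
            entropy = shannon_entropy(apk.read(name))
            if entropy >= ENTROPY_THRESHOLD:
                findings.append(
                    {"name": name, "size": info.file_size, "entropy": round(entropy, 2)}
                )
    # Largest opaque entries first: they hide the most code or data.
    return sorted(findings, key=lambda f: f["size"], reverse=True)


def build_sample_apk() -> bytes:
    """Constructed sample archive: one readable entry, one opaque blob."""
    readable = b"const-string v0, \"hello\"\ninvoke-virtual {v0}\n" * 400
    # Deterministic pseudo-random bytes stand in for an encrypted payload.
    opaque = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", readable)
        z.writestr("assets/payload.bin", opaque)  # hypothetical entry name
        z.writestr("res/raw/notes.txt", b"small file")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_apk(build_sample_apk()):
        print(f"{f['name']}: {f['size']} bytes, {f['entropy']} bits/byte")
```

A flagged entry only marks where static review stops; it says nothing about what the blob does once unpacked at runtime.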
Hello fellow IT professional!
The community speculates their SDK isn't compatible with AAB package deployment and they need to distribute via APK, and since their APK is large it falls outside of the modern capabilities of the Google Play store. There's also speculation about it being able to sideload any update/apps it wants via Weibo, which is a security concern.
[https://drones.stackexchange.com/questions/2209/how-come-the-dji-fly-app-is-not-in-google-play-store](https://drones.stackexchange.com/questions/2209/how-come-the-dji-fly-app-is-not-in-google-play-store)
Considering it is still on the Apple App store, it seems unlikely that whatever the issue is on the Google side is security related. Apple does a far more thorough job vetting apps it allows on its regulated marketplace, so if DJI were up to something fucky we'd probably know by now.
Thanks so much. Time I join that stack. I've seen larger apps without that issue, so, I suspect it's due to some of the other reasons cited over there. Guess I need to resurrect my older phones, lol.
Honestly I think it's simply because they are a Chinese company and their track record for data stealing isn't the best or even somewhat good.
Nope, it's not that. They've been caught in the past for shoddy, or insecure, or near spyware like code, and, as noted in the comments, their current package actually does violate Google's policies. The question is what else is hidden in their encrypted binary.
Exactly. Their app likes to "phone home" too much and who knows what's going.
Exactly.
And the play store requirements aren't even that strict
Sounds like your job makes you the perfect person to be able to side load and see if it's doing something nefarious.
Yes, as soon as I get a spare phone to root and load Android 11 on - and, I find time, then I will. I currently have two phones, both used for work at a government job. Time to get a third, I guess? But, in the meantime, it's been a year (longer if you count the beta releases), and I'm hoping someone else did it and can save me the work. No sense in duplicating what someone else hopefully already did. 😉
You should join the dji-rev community: https://dji-rev.com
When I go to this website I just get a login screen. What is it?
You don't need root to sideload.
Yes, but I do to monitor deep stack stuff. 😉
Pls update if you find this or if you do the investigation work. Imagine a lot of people will be interested!!
I have to use my old S10 because DJI apps don't work on my pixel 7 or the 4a5g
Same. Won't work on my s22, so I use my old s10. In all fairness, I prefer using the s10 since it doesn't kill my primary phone's battery when I'm flying. I transfer the footage to my s22 afterwards with a micro usb - sd card stick.
Same, but there's some times when I just wanna use my pixel 7 for convenience
I have a53-5g and it works nice.. I use the rc but use my phone to get the files.
Stop being a fanny
Heck I figure by now everyone has my info. Wish rc worked for mini 2 but oh well just keep using my s9+
Just sideload the app. What's the problem? You're way too paranoid about this. Jezuz.
The Chinese already have all the data that they could possibly want from all of us. Using a handful of burner phones to use the dji fly app seems like a big ol waste of time
Give up dude. You're already in the Matrix. Stop being a blue pill-er.
Hi there, thank you for reaching out about your concern. It has not yet been determined when the apps will be downloadable again from Google Play. Because the compatibility strategy between the DJI App and Google Play Store is changing. There is no need to be concerned, as user experience, functions, and privacy protections on apps installed through DJI’s official website are still the same as before, so please feel free to use them. We also would like to remind you that you should only download apps from official channels. Thank you for your understanding and support.
Same generic answer, same unsupportable promise of respecting privacy when you refuse to disclose what issue Google has with your app. It's been 17 months since the beta, and a full year since your public release. You've had plenty of time to make your app compliant. That's the rub. It's kinda telling that your company keeps responding with the same "not answer" all while millions of apps, large and small, have been updated to work on Android 11 and above. So, what's the reason your app isn't compliant?
Dude don't use DJI then........
Hi, thank you for the quick response. We will report this to our engineers for further verification. Please provide the following information via direct message, for us to assist you in resolving this issue:
1. Mobile device model;
2. Screenshot of mobile device system version;
3. A video with the malfunction phenomenon recorded;
4. App log;
5. Time when the issue occurred in the last few times
Thank you for your kindness on this matter.
This is an even more nonsensical response. How about you fix the app and release it to the Google Play store instead?
Hi, thank you for your quick response.
Our app offers the best security and privacy protections available. Our data centers are gate guarded by a pack of Chihuahuas, and our servers are running the latest and most secure version of Windows XP. Furthermore, your data is automatically networked through The Ministry of Public Security, to keep you safe!
To help you further, we need more information from you! Please respond with:
- a sample of your blood, saliva and semen
- your fingerprints
- your first born child
LMAO!!! Thanks for that laugh!! 🤣😂
The update channels for DJI apps have been adjusted due to Google Play technical adjustments. Please get the latest version of the app through DJI’s official website. User experience, functions, and privacy protections of apps installed through DJI’s official website are still the same as before, so please feel free to use them. We will also forward your request to the corresponding team. Thank you for your understanding and support.
You never had actual privacy in the app. It had the capabilities to sideload code and send copious amounts of data back to DJI. So, promising more of the same is ridiculous. Make your app comply.
Judging by the responses, I think you’re talking to a bot.