ViewPoints, the Official DJI Blog

New Independent Audit Confirms Robust Privacy Controls Available To DJI Drone Operators

Written by DJI ViewPoints Team | Sep 25, 2024

DJI is committed to delivering best-in-class drones that not only feature the latest innovations but also offer robust privacy controls, giving our users greater confidence over their drone operations. A cornerstone of this commitment is empowering drone operators to manage their data privacy—including the ability to decide if, when, and how their information is collected, transmitted, or shared.

Since 2017, we have submitted our products to certifications and regular security audits by industry experts and federal agencies. Each auditing organization procures DJI products off-the-shelf and conducts a thorough and independent technical investigation.

Our latest independent security audit was conducted by a team of cybersecurity experts at FTI Consulting (FTI). The scope of this review focused on evaluating the network activity of the DJI Mavic 3 Enterprise Series Thermal (DJI Mavic 3T), the DJI RC Pro controller, and the DJI Pilot 2 software.

The results, detailed in the executive summary, provide yet another independent validation of DJI’s robust data privacy practices, building on prior audits by reputable third-party security experts. It also reaffirms that when U.S. operators choose to share flight data with DJI, the data resides within U.S.-based servers and is not transmitted to China. 

Key findings underscore DJI’s employment of industry best practices as well as ability to provide options that enable our users to control their data: 

  • “With the use of Restricted Network Mode (RNM), DJI provides end users the ability to control what information is shared with both DJI and integrated third-party services while using the device.”

  • “FTI concluded that the use of LDM (Local Data Mode) on the DJI Pilot 2 application resulted in no outbound traffic to either first-party or third-party services. The use of LDM appeared to disable all features and resulted in no network requests being captured.”

  • FTI observed several instances where DJI employed security best practices, such as certificate pinning and the use of Transport Layer Security (TLS) encryption on network communications.”

  • “The collections and analysis of the assessment, which was completed on the East Coast of the United States, support the conclusion that all first-party data transmissions, or transmissions to DJI owned infrastructure, resided within the United States.”

We encourage our customers to visit the DJI Trust Center to fully understand and optimize the full range of privacy controls and security information available and stay updated on the latest DJI security and privacy announcements. 

DJI remains steadfast in its commitment to addressing security concerns and providing our customers with the most reliable and innovative drone platforms. We will continue to collaborate with our partners and the broader industry to maintain the trust and confidence of our users.