Bernie
I have an old #DJI drone from 2020, and noticed that the DJI apps are gone from the Google Play Store.
I can go to https://dji.com and download a whopping 861MB APK, but my Pixel Phone puts up scary security warnings that I've never seen with other APKs from F-Droid.
So now I'm not sure whether there's an actual security issue with DJI apps or it's just some US-China trade war bullshit.
Bernie
The absence of official statements from #DJI and Google is suspicious, and news outlets support the trade-war theory:
barrons.com: "DJI was previously blacklisted by the US Department of the Treasury in 2021 for allegedly supporting the surveillance of the Uyghur minority in China's Xinjiang region."
wsvn.com: US customs officials have also blocked some DJI shipments over concerns that the products might have been made with forced labor. DJI has called it “a customs-related misunderstanding.”
Bernie
But there are also less conspiratory explanations:
It's in the apple app store. [...] And while the spyware angle is 'fun,' it's a pretty goofy logical jump. The real reason appears to be a compatibility issue, "Google announced a while back that app developers will have to ensure their apps are packaged as bundles (AAB) rather than the standard APK. According to a DroneDJ reader, DJI’s SDK has a bug that prevents it from compiling in this new AAB standard."
https://www.reddit.com/r/dji/comments/144x6c9/comment/kqj75cb/
#DJI
Bernie
Just a bug then... seems plausible.
But the #DJI apps have been unavailable from the Play Store since early 2021. Which SDK bug couldn't be fixed in almost 4 years?
On the other hand, if Google had genuine security concerns with DJI's apps, why would Apple allow them?
Bernie
I worked on #AOSP for 3 years. It's enough to know that there are millions of devices in the wild running ancient kernels with unpatched security holes.
Android system permissions add a second line of defense, but stores also use a combination of security reviews, developer reputation, user reports and static analysis tools to catch malicious apps and actively kick them out.
Bernie
Since I can't verify the stories against #DJI, I cautiously decided to keep their apps off my Pixel phone for now.
Instead, I'll put it on my #LineageOS hacking phone, an old but trusty OnePlus 7T, which shows the same scary message, but this time I take the time to read the small print:
"This app was built for an older version of Android and doesn't include the latest privacy protections."
So, was that a simple API level deprecation issue that DJI could have fixed by upgrading the SDK?
Bernie
Anyway, the app works and requested access to location and media files, both of which seem plausible for a camera drone.
A more modern Android SDK would have allowed narrower access to videos, but anyway...
Bernie
Upon connecting to my old Mini 2, the app wants to install a 60MB firmware update. Ugh.
Then comes a "FlySafe Database" update. Hmm, ok.
After a couple of reboots, we're finally ready to fly. But now it's night, so we'll have to wait until tomorrow 😄
Bernie
@SupportGrapheneOS_667 "The analysis of the DJI GO 4 app for Android revealed that the security issues are not there by mistake." 😰
Support GrapheneOS 667
Support GrapheneOS 667
https://drones.stackexchange.com/questions/2209/how-come-the-dji-fly-app-is-not-in-google-play-store
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.