PRC’s DJI Drone Android App Stealing Sensitive Information: Storing Data On Mainland China Servers

via the eponymous Dan Goodin, Security Editor at Ars Technica, comes this disturbing revelation of US persons that are owners of DJI drones and most importantly users of the company’s DJI Go 4 for Android personal data undergoing trasnmittal to servers resident in the People’s Republic of China. And, to add insult to injury, the application can apparently execute arbitrary bits without the behest of the hapless users. Read Dan’s original superb reportage and try not to weep for your stolen identity (and data, thereof) ensconced so comfortably on PRC CCP controlled servers.

“People who have DJI Go 4 for Android installed may want to remove it at least until Google announces the results of its investigation (the reported automatic restart behavior means it’s not sufficient to simply curtail use of the app for the time being). Ultimately, users of the app find themselves in a similar position as that of TikTok, which has also )aroused suspicions, both because of some behavior considered sketchy by some and because of its ownership by China-based ByteDance.” – via the inimitable Dan Goodin, Security Editor at Ars Technica

Permalink

Recent Articles By Author

• USENIX Security ’23 – LibScan: Towards More Precise Third-Party Library Identification for Android Applications
• Randall Munroe’s XKCD ‘Pendulum Types’
• USENIX Security ’23 – Automated Inference on Financial Security of Ethereum Smart Contracts

More from Marc Handelman

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://arstechnica.com/information-technology/2020/07/chinese-made-drone-app-in-google-play-spooks-security-researchers/