What steps has DJI taken to enhance the data security of its products and software?
Through our Bug Bounty Program detailed at https://security.dji.com
, DJI encourages security researchers to contribute to our ongoing efforts in strengthening our data security by responsibly detecting and reporting potential vulnerabilities, in exchange for rewards up to $30,000. DJI has buttressed our information security commitment by requiring mandatory security training for our developers, imposing new controls on their work, and establishing an internal penetration testing program to proactively root out other potential issues. We have removed external plugins that we deemed may carry potential security risks from our flight control apps, launched an internal educational program for our developers, and strengthened our code review and testing process to reinforce the importance of software security when developing new features. DJI continues to pursue additional research and development efforts that will help our customers keep their private data private.
DJI has also released the results of an independent report done by Kivu, analyzing DJI’s data practices that concludes DJI drone users have control over how their data is collected, stored and transmitted. The report analyzed drones and software independently obtained in the United States, and confirmed DJI did not access photos, videos, or flight logs generated by the drones unless drone operators voluntarily chose to share them. A summary of the report can be found
. DJI will continue to research and invest heavily in bolstering the security of our products.
DJI has been the most vocal industry advocate for addressing the privacy, cost, and operational concerns of drone pilots in regulatory discussions, as reflected in our
March 2017 white paper
on the topic. DJI remains the only major company in the drone industry that has expressly asserted the privacy rights of drone operators in their business and personal drone use.