Every time you fly a DJI drone, you generate data in the form of a flight log. This file captures important information about your flight like the drone’s flight path, altitude and heading. If you use the drone to capture photos or videos during flight, these images are stored on the drone’s internal memory or on a removable SD card just like a digital camera. Versions of this data are also archived in your DJI mobile app. This information is important to you, and if you’re a business or government agency flying for a sensitive purpose such as inspecting critical infrastructure or for a film production, you may want to ensure you keep that information secure. Determining what missions may gather sensitive data can help you mitigate risks.
DJI takes your data privacy and security seriously, so our drones do not automatically transmit image, video, or flight log data to DJI or anywhere else. Your data is stored safely on your drone and in the DJI mobile app you use to control it, and you decide whether to share it with anyone. If you want to take additional steps to protect your data, this guide explains additional data privacy and security methods available to you using your DJI drone.
Consider whether the data you create needs additional protection
Very few drone operations involve sensitive subject matter. Small commercial drones enable people to take photos and videos of aerial perspectives outdoors, but the vast majority of those perspectives do not pose safety or security risks. Most aerial views are already accessible to the public from airplanes, helicopters and other people’s drones, as well as online maps, satellite and webcam images.
For the rare missions that involve sensitive subject matter, consider the risk of disclosure. The steps listed below help mitigate that risk when you use DJI drone equipment.
1. Keep your drone equipment disconnected from the internet
Unlike some other technologies, a drone does not need internet connectivity to be useful because its primary use is as a flying camera providing an aerial perspective to the nearby user. So, one simple and easily verifiable way to ensure data privacy and security is to use your DJI product entirely offline. This can be accomplished using “airplane mode” on the phone or tablet you attach to the DJI remote controller, by removing the SIM card if there is one, and/or by using a phone or tablet that is not connected to the internet.
In conversations with our customers we have observed that around one-third of them already do this, either because they use a non-connected smart device with their DJI remote controller, want to reduce radio-frequency emissions in the area, are using company-issued drone equipment that lacks a data connection plan, or simply do not want to be interrupted with calls, texts and other alerts when flying a drone.
2. Keep your equipment online, but use Local Data Mode
Since 2017, DJI has offered a feature called “Local Data Mode” which blocks data from being transmitted to or from DJI’s flight apps and the internet. This is like an “airplane mode” that applies only to the drone’s software. Recently, FTI Consulting validated that “when DJI’s Local Data Mode is enabled, no data that was generated by the application was sent externally to infrastructure operated by any third party, including DJI.” Local Data Mode is available in the DJI Pilot and DJI Fly apps, and will be added to other DJI flight control apps in the near future. When using Local Data Mode, you can elect to enable Map Services, so that you have full situational awareness when flying. Doing so allows the app to connect to a trusted map services provider while still eliminating all other data connections.
3. Use Pilot PE and Flight Hub Enterprise Edition
For organizations that want the fleet and data management capabilities of our Flight Hub software, DJI offers the combination of the DJI Pilot PE app and Flight Hub Enterprise Edition. Flight Hub Enterprise allows users to host the software on premises or in a private cloud, ensuring data privacy. The solution provides tailored data control and management features while enabling the full power of connected drones and cloud processing. FTI Consulting validated that “Pilot PE used with FlightHub Enterprise provides an alternative method for operation that provides consumers additional control over the data they generate, as it requires installation on a local or cloud-based server. With this configuration, FTI observed no evidence of data being requested or transmitted externally.”
4. Operate DJI drones using software developed by another company
DJI drones can be operated using a rich ecosystem of software from developers around the world, including innovative companies based in the United States such as DroneDeploy, KittyHawk and Precision Hawk. If you want to use the best drone hardware in the world, but prefer the features and configurations of software developed by other companies, you can choose from dozens of options.
Some of these developers have undertaken their own security validations, such as KittyHawk, which passed a SOC2 Type II audit. This allows DJI’s enterprise customers to enjoy the full advantages of connected drone solutions and cloud processing while relying on those developers’ security assurance. DJI’s Software Development Kit also provides these developers the option to implement the Local Data Mode feature as an additional way to provide data management and data security options to drone operators.
5. Develop your own software for DJI drones
DJI’s Software Development Kit (SDK) allows any organization to create its own customized software for use on our drone hardware, with a rich set of data controls and features. Over 20,000 active developers have developed and published over 1,000 SDK apps. Companies such as American Airlines, FedEx, Ford, and Time Warner are among the industry-leading companies that have developed their own custom software solutions for their use of DJI drones. We now offer five separate SDKs to allow customization of the mobile app, user interface, Windows applications, drone payloads, and onboard computing applications. DJI’s SDKs were developed at our Palo Alto, California, R&D facility and are supported by the engineering team located there. For more information on how to become a software developer, please visit: https://developer.dji.com/
6. Use DJI’s Government Edition products
For government agencies that have the highest data security requirements, we developed Government Edition at the request of, and to meet the stated specifications of, the United States Department of the Interior in 2019. The suitability of Government Edition for secure use in federal agency missions was confirmed by NASA and Idaho National Laboratory on behalf of the U.S. Department of Homeland Security at the time these products were developed for, and provided to, the Interior Department.
The main additional assurance of these products is that Local Data Mode is permanently enabled, meaning users cannot even voluntarily transfer drone data to DJI or connect to the internet. These features guard against agency employee mistakes and breaches of agency protocol. This additional level of protection is unnecessary for most organizations using drones, but we are pleased to offer it to all federal agencies.
Determine what data security measures are right for you
You ultimately determine the data that your drone captures, based on where you fly, where you point the drone camera and whether you record any photos or videos. Anyone can use the steps listed above, but in reality, most people using DJI drones don’t need to take extraordinary measures. Familiarize yourself with the data-related features in our software; consider whether you need to synchronize your flight logs with DJI servers or post your aerial photography on our SkyPixel social media platforms.
For the rare missions that involve sensitive subject matter, consider the risk of disclosure, and whether any of the steps listed above can help mitigate that risk. Some organizations restrict the use of consumer-grade electronic equipment for collecting, storing and analyzing sensitive information. You should hold your drones to the same security standards as other electronic devices, such as digital cameras, walkie-talkies, surveying equipment, wildlife monitoring cameras, and environmental sensors. If your use of those types of devices does not require any special cybersecurity measures, then your use of a drone probably does not either.
* * *
DJI customers have a broad variety of options when it comes to data security, and we always appreciate feedback and ideas so we can continue to produce the most capable, safest, and most secure drone products in the world. We also welcome security researchers to report security issues they discover, and have a cash-reward Bug Bounty Program designed to help us identify and resolve them. A full white paper on DJI's data security framework is available for download below.