How to Protect Your Drone Data When Using DJI Products

6 Steps to More Privacy and Data Security

Every time you fly a DJI drone, you gen­er­ate data in the form of a flight log. This file con­tains impor­tant infor­ma­tion about your flight, such as the drone’s flight path, alti­tude, and head­ing. If you use the air­craft to take pho­tos or videos while in flight, those images are stored on the air­craft’s inter­nal mem­o­ry or on a remov­able SD card, sim­i­lar to a dig­i­tal cam­era. Thumb­nails of these pho­tos are also stored on your DJI mobile app. This infor­ma­tion is impor­tant to you, and if you are a busi­ness or gov­ern­ment agency fly­ing for a con­fi­den­tial pur­pose, such as to check crit­i­cal infra­struc­ture or film­ing a movie, you can (and should) keep this infor­ma­tion secure. Deter­min­ing which apps can col­lect sen­si­tive data can help you mit­i­gate your risks.

DJI takes the pri­va­cy and secu­ri­ty of your data seri­ous­ly, so our drones do not auto­mat­i­cal­ly trans­fer images, videos, or flight log data to DJI or any­where else. Your data is stored secure­ly on your air­craft and in the DJI mobile app you use to man­age it, and you decide whether or not to share it with any­one. If you would like to take addi­tion­al steps to pro­tect your data, this guide explains addi­tion­al pri­va­cy and data secu­ri­ty prac­tices avail­able to you when fly­ing a DJI drone.

Con­sid­er whether the data you cre­ate needs addi­tion­al pro­tec­tion

Very few drone options involve pri­va­cy. Small com­mer­cial drones allow peo­ple to cap­ture aer­i­al pho­tog­ra­phy and video out­doors, but the vast major­i­ty of these cap­tures do not pose a safe­ty risk. Most aer­i­al views have long been avail­able to every­one thanks to shoot­ing from air­planes, heli­copters and pho­tographs tak­en by oth­er peo­ple, as well as from online maps, satel­lite images and web­cams, thanks to ser­vices such as Yandex.maps (includ­ing panoram­ic views of cities from land and air) and many oth­ers.

For rare mis­sions involv­ing sen­si­tive mat­ters, con­sid­er the risk of dis­clo­sure. The steps below help reduce this risk when using DJI drones.

1. Keep the drone offline.

Unlike some oth­er devices, the drone does not need a con­stant Inter­net con­nec­tion to do its job because its main pur­pose is aer­i­al pho­tog­ra­phy, pro­vid­ing aer­i­al view for a spe­cif­ic user. The sim­plest and most eas­i­ly achiev­able way to ensure data pri­va­cy and secu­ri­ty is to use a DJI prod­uct com­plete­ly offline. This can be done using “air­plane mode” on a phone or tablet that you con­nect to the DJI remote con­troller, by remov­ing the SIM card if present, or by using it with a phone or tablet that is not con­nect­ed to the inter­net.

Sur­veys show that about one-third of users already do this, either because they are using an uncon­nect­ed device with their DJI remote con­trol that does not require the use of a smart­phone at all, some want to reduce radio fre­quen­cy radi­a­tion from a smart­phone / tablet in the shoot­ing area (and this also affects on the qual­i­ty of com­mu­ni­ca­tion with the drone), or users sim­ply do not want to be inter­rupt­ed by calls, text mes­sages and oth­er warn­ings dur­ing the flight.

2. The smart­phone or tablet is con­nect­ed to the net­work but is in local data mode.

Since 2017, DJI has imple­ment­ed a fea­ture called “Local data mode” that blocks the trans­fer of data “to” or “out” of DJI flight appli­ca­tions and the Inter­net. This is sim­i­lar to “flight mode” which only applies to the drone’s soft­ware. FTI Con­sult­ing recent­ly con­firmed that “when DJI Local Data Mode is enabled, data gen­er­at­ed by the app is not sent any­where, includ­ing to DJI.” Local data mode is avail­able in the DJI Pilot and DJI Fly apps and will be added to oth­er DJI drone con­trol apps in the near future. When using the local data mode, you can turn on map ser­vices to get a com­plete pic­ture while fly­ing. This allows the appli­ca­tion to con­nect to the map ser­vice provider while not trans­fer­ring oth­er data.

3. Use Pilot PE and Flight Hub Enter­prise Edi­tion.

For orga­ni­za­tions that need the pow­er of our Flight Hub soft­ware to man­age their fleet and data, DJI offers a com­bi­na­tion of the DJI Pilot PE app and Flight Hub Enter­prise Edi­tion. Flight Hub Enter­prise allows users to host soft­ware local­ly or in a pri­vate cloud while main­tain­ing data pri­va­cy. The solu­tion pro­vides cus­tomized con­trol and data man­age­ment func­tions while deliv­er­ing the full pow­er of con­nect­ed drones and cloud pro­cess­ing. FTI Con­sult­ing con­firmed that “Pilot PE, used with FlightHub Enter­prise, pro­vides an alter­na­tive method of oper­a­tion that gives con­sumers addi­tion­al con­trol over the data they gen­er­ate as it requires instal­la­tion on a local or cloud serv­er. With this con­fig­u­ra­tion, FTI found no evi­dence that data is being request­ed or passed to exter­nal ser­vices.”

4. Con­trol DJI drones with soft­ware devel­oped by anoth­er com­pa­ny.

DJI drones can be con­trolled using a vast soft­ware ecosys­tem from devel­op­ers around the world, includ­ing inno­v­a­tive US com­pa­nies such as DroneDe­ploy, Kit­ty­Hawk and Pre­ci­sion Hawk. If you want to use the best drones in the world, but pre­fer the fea­tures and con­fig­u­ra­tions of soft­ware devel­oped by oth­er com­pa­nies, you can choose from dozens of options.

Some of these devel­op­ers have con­duct­ed their own secu­ri­ty checks, such as Kit­ty­Hawk, which has passed the SOC2 Type II audit. This allows DJI enter­prise cus­tomers to take full advan­tage of con­nect­ed drones and cloud pro­cess­ing while rely­ing on the secu­ri­ty guar­an­tees of these devel­op­ers. The DJI SDK also pro­vides these devel­op­ers with the abil­i­ty to imple­ment the Local Data Mode fea­ture as an addi­tion­al way to pro­vide drone oper­a­tors with data man­age­ment and data secu­ri­ty capa­bil­i­ties.

5. Devel­op your own DJI drone soft­ware.

The DJI Soft­ware Devel­op­ment Kit (SDK) allows any orga­ni­za­tion to cre­ate their own soft­ware to take advan­tage of a rich set of data man­age­ment tools and fea­tures. Over 20,000 active devel­op­ers have devel­oped and pub­lished over 1,000 SDK appli­ca­tions. Com­pa­nies such as Amer­i­can Air­lines, FedEx, Ford, and Time Warn­er are some of the indus­try’s lead­ing com­pa­nies that have devel­oped their own soft­ware solu­tions for using DJI drones. We now offer five sep­a­rate SDKs to cus­tomize the mobile app, user inter­face, Win­dows apps, drone pay­loads, and onboard com­put­ing apps. The DJI SDKs were devel­oped at our R&D cen­ter in Palo Alto, Cal­i­for­nia and are main­tained by our engi­neer­ing team based there. For more infor­ma­tion on how to become a soft­ware devel­op­er, vis­it: https://developer.dji.com/

6. Use DJI’s Gov­ern­ment Edi­tion prod­ucts.

For gov­ern­ment agen­cies that have the high­est data secu­ri­ty require­ments, we have devel­oped the Gov­ern­ment Edi­tion upon request and in accor­dance with the stat­ed spec­i­fi­ca­tions of the US Depart­ment of the Inte­ri­or in 2019. The suit­abil­i­ty of the Gov­ern­ment Edi­tion for safe use on fed­er­al agency mis­sions has been val­i­dat­ed by NASA and the Ida­ho Nation­al Lab­o­ra­to­ry on behalf of the US Depart­ment of Home­land Secu­ri­ty. These prod­ucts were devel­oped for and pro­vid­ed to the Min­istry of the Inte­ri­or.

The main addi­tion­al guar­an­tee of these prod­ucts is that the local data mode is always on, which means that users can­not even vol­un­tar­i­ly trans­fer drone data to DJI or con­nect to the Inter­net. These fea­tures pro­tect against agency errors and vio­la­tions of agency pro­to­col. This extra lay­er of pro­tec­tion is not need­ed by most orga­ni­za­tions using drones, but we are hap­py to offer it to all fed­er­al agen­cies.

Find out which data pro­tec­tion mea­sures are right for you

Ulti­mate­ly, you deter­mine the data your drone col­lects based on where you fly, where you point the drone’s cam­era, and whether you cap­ture any pho­tos or videos. Any­one can fol­low the steps list­ed above, but the real­i­ty is that most peo­ple using DJI drones don’t need to take emer­gency action. Check out the data-relat­ed fea­tures of our soft­ware, con­sid­er whether you need to sync your flight logs with DJI servers or post aer­i­al pho­tos to our SkyP­ix­el plat­forms and oth­er social media plat­forms.

For infre­quent mis­sions involv­ing sen­si­tive data, con­sid­er the risk of dis­clo­sure and whether any of the steps list­ed above can help mit­i­gate this risk. Some orga­ni­za­tions restrict the use of con­sumer-grade elec­tron­ic equip­ment to col­lect, store, and ana­lyze sen­si­tive infor­ma­tion. You must com­ply with the same safe­ty stan­dards as oth­er elec­tron­ic devices such as dig­i­tal cam­eras, walkie-talkies, sur­vey­ing equip­ment, wildlife cam­eras and envi­ron­men­tal sen­sors. If your use of these types of devices does not require any spe­cial cyber­se­cu­ri­ty mea­sures, then the use of drones prob­a­bly does not require them either.