MrTuttle (talk | contribs)
Incidents: Add DJI vacuum robots being controllable by anyone due to negligent security measures (The Verge article)
Sojourna (talk | contribs)
mNo edit summary
 
(4 intermediate revisions by 4 users not shown)
Line 5: Line 5:
|Founded=2006
|Founded=2006
|Industry=Cameras, Drones, Electronics
|Industry=Cameras, Drones, Electronics
|Logo=DJ logo.svg
|Logo=DJI logo.svg
|ParentCompany=
|ParentCompany=
|Type=Private
|Type=Private
|Website=https://www.dji.com/
|Website=https://www.dji.com/
}}
}}
[[wikipedia:DJI|'''DJI''']] is a Chinese technology company headquartered in Shenzen. DJI manufactures commercial unmanned aerial vehicles (UAV or Drone) for aerial photography and videography. It also designs and manufactures camera systems, gimbal stabilizers, propulsion systems, enterprise software, aerial agriculture equipment, and flight control systems.
 
'''{{Wplink|DJI}}''' is a Chinese technology company headquartered in Shenzen. DJI manufactures commercial unmanned aerial vehicles (UAV or Drone) for aerial photography and videography. It also designs and manufactures camera systems, gimbal stabilizers, propulsion systems, enterprise software, aerial agriculture equipment, and flight control systems.


==Consumer impact summary==
==Consumer impact summary==
Some of DJI's devices require an initial connection to a proprietary app (typically DJI Mimo or DJI Ronin) in order to be usable, as well as to provide firmware updates. This application also requires various permissions to location and other privacy-impacting data which is then provided to and stored by DJI.
Some of DJI's devices require an initial connection to a proprietary app (typically DJI Mimo or DJI Ronin) in order to be usable, as well as to provide firmware updates (see [[Forced app download]]). This application also requires various permissions to location and other privacy-impacting data which is then provided to and stored by DJI.


In particular, DJI drones have the following limits and caveats on their operation:
In particular, DJI drones have the following limits and caveats on their operation:


*They require persistent online reauthentication with a DJI account. Offline/signed-out operation is possible, however the account will sign out after a period of no internet connectivity (usually a few weeks). When signed out, flight altitude is limited to 30m, and flight distance is limited to 50m. From the [https://dl.djicdn.com/downloads/DJI_Mavic_3/DJI_Mavic_3_User_Manual_v1.0_en.pdf DJI Mavic 3 manual]: "For increased safety, flight is restricted to a height of 98.4 ft (30 m) and range of 164 ft (50 m) when not connected or logged into the app during flight. This applies to DJI Fly and all apps compatible with DJI aircraft".
*They require persistent online re-authentication with a DJI account (see [[Forced account]]). Offline/signed-out operation is possible, however the account will sign out after a period of no internet connectivity (usually a few weeks). When signed out, flight altitude is limited to 30m, and flight distance is limited to 50m. From the [https://dl.djicdn.com/downloads/DJI_Mavic_3/DJI_Mavic_3_User_Manual_v1.0_en.pdf DJI Mavic 3 manual]: "For increased safety, flight is restricted to a height of 98.4 ft (30 m) and range of 164 ft (50 m) when not connected or logged into the app during flight. This applies to DJI Fly and all apps compatible with DJI aircraft".
*The [https://www.dji.com/dji-fly DJI Fly app] consistently checks for new firmware and No-Fly Zone (NFZ) updates, and if detected, can soft-brick the device (preventing takeoff) until the updates are installed, showing the error "Unable to take off. Update Fly Safe database/Fly Safe database requires update".
*The [https://www.dji.com/dji-fly DJI Fly app] consistently checks for new firmware and No-Fly Zone (NFZ) updates, and if detected, can soft-brick the device (preventing takeoff) until the updates are installed, showing the error "Unable to take off. Update Fly Safe database/Fly Safe database requires update".
*The DJI Fly App, required to control and operate DJI consumer drones with a mobile device, was removed from the Google Play Store in 2021. DJI requires Android users to install an APK file provided on their website in order to control their drone.
*The DJI Fly App, required to control and operate DJI consumer drones with a mobile device, was removed from the Google Play Store in 2021. DJI requires Android users to install an APK file provided on their website in order to control their drone.
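Review bot: The rewritten lead sentence still spells the headquarters city "Shenzen"; it should read "Shenzhen", and since this revision already rewrites that line for the <nowiki>{{Wplink|DJI}}</nowiki> change, the fix can go in with it. In the unchanged bullets of the same hunk, the statement that the DJI Fly app "was removed from the Google Play Store in 2021" has no reference, unlike the Mavic 3 manual quote above it, so a source should be attached. "Consistently checks" in the DJI Fly bullet probably means "constantly checks".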
Line 31: Line 32:


==Incidents==
==Incidents==
{{Placeholder box|Add one-paragraph summaries of incidents below in sub-sections, which link to each incident's main article while linking to the main article and including a short summary. It is acceptable to create an incident summary before the main page for an incident has been created. To link to the page use the "Hatnote" or "Main" templates.
{{Ph-C-Inc}}


If the company has numerous incidents then format them in a table (see [[Amazon]] for an example). }}
This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].


This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
===Data and camera feeds of vacuum robots publicly accessible (''2026'')===
===Data and Camera Feeds of Vaccuum Robots publicly accessible (''2026-02'')===
Due to insufficient security measures, DJI vacuum robots across the world could be controlled remotely by anyone in the world by simply extracting an authentication token from the control app and communicating with DJI's servers. This also caused floor maps and camera feeds to be publicly accessible, even before a robot is paired with the DJI app for the first time.
Due to insufficient security measures, DJI vacuum robots across the world could be controlled remotely by anyone in the world by simply extracting an authentication token from the control app and communicating with DJI's servers. This also caused floor maps and camera feeds to be publicly accessible, even before a robot is paired with the DJI app for the first time.


When confronted with the security researcher's results, DJI claimed they had already discovered and fixed the issue internally the previous month, temporarily disabled access to video feeds, and rolled out updates. However, at the time of writing, still not all issues were fixed. The company also did not respond to any of the security researcher's emails and only communicated in DMs described as ''robotic'' on X (formerly known as Twitter).<ref>{{Cite web |last=Hollister |first=Sean |date=2026-02-14 |title=The DJI Romo robovac had security so poor, this man remotely accessed thousands of them |url=https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt |archive-url=https://archive.ph/fyKWW |archive-date=2026-02-14 |access-date=2026-02-14 |website=The Verge}}</ref>
When confronted with the security researcher's results, DJI claimed they had already discovered and fixed the issue internally the previous month, temporarily disabled access to video feeds, and rolled out updates. However, at the time of writing, still not all issues were fixed. The company also did not respond to any of the security researcher's emails and only communicated in DMs described as ''robotic'' on X (formerly known as Twitter).<ref>{{Cite web |last=Hollister |first=Sean |date=2026-02-14 |title=The DJI Romo robovac had security so poor, this man remotely accessed thousands of them |url=https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt |archive-url=https://web.archive.org/web/20260222215257/https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt |archive-date=22 Feb 2026|access-date=2026-02-14 |website=The Verge}}</ref>
===Example incident two (''date'')===
 
...
==Products==
==Products==
*[[DJI Osmo Action 5 Pro]]
*[[DJI Osmo Action 5 Pro]]
*[[DJI Ronin RS4 Pro]]
*[[DJI Ronin RS4 Pro]]
*[[DJI Osmo Pocket 3]]


==See also==
==See also==
*[[GoPro]]
*[[GoPro]]
*[[Insta360]]
*[[Insta360]]


==References==
==References==
{{reflist}}{{Placeholder box|Link to relevant theme articles or companies with similar incidents.}}
{{Reflist}}
 
[[Category:DJI]]
[[Category:DJI]]
[[Category:Companies]]
[[Category:Devices requiring account for initial setup]]
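Review bot: The new incident heading misspells "Vacuum" as "Vaccuum" and switches to title case, while the other headings on the page ("Consumer impact summary", "See also") use sentence case; suggest "Data and camera feeds of vacuum robots publicly accessible (<nowiki>''2026-02''</nowiki>)". In the updated citation, archive-date is written "22 Feb 2026" while date and access-date use the 2026-02-14 form, so 2026-02-22 would be consistent. The incident summary says "at the time of writing" without giving a date and never names the affected product, which the cited article title gives as the DJI Romo; both would make the entry easier to verify later. The revision also drops the "Example incident two" placeholder and the placeholder box after the reflist, which looks intentional and is fine.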