Users of the DJI Pilot app have been able to use Local Mode for data privacy in DJI drones since 2017: “Today’s commitment to expanding availability of this feature follows an independent review and validation of Local Data Mode and DJI’s drone products by FTI Consulting (FTI), a global leader in cybersecurity,” says a company press release.
A “Kill Switch” Feature
While some consulting firms have independently reviewed data privacy for DJI drones, the findings of firms without a background in drone technology can be misleading. Government concerns over Chinese government involvement in technology companies have become confused with fears over actual vulnerabilities in the platform. With the Local Mode feature, DJI is providing a “kill switch” – with no connection to the internet, the data never leaves the physical storage device, which is in control of the user at all time.
“All DJI drones provide data security protections for their users by empowering them to decide whether and when their drone data is shared externally. Local Data Mode provides government and commercial customers with additional assurance that data generated during drone operations is effectively protected. It is an internet connection “kill switch” feature within DJI’s command and control mobile applications that, when enabled, prevents the app from sending or receiving any data over the internet,” says the press release. “With this feature enabled, drone operators can easily and effectively cut off all network connections from DJI’s mobile applications and prevent any data from being transferred to DJI or other parties.”
The FTI audit confirms the efficacy of the “kill switch” approach. “The FTI audit found that when Local Data Mode was enabled, no data generated by the drone or application was sent externally to infrastructure operated by any third party, including DJI, validating DJI’s assertions about the utility and function of the feature,” says the press release. “FTI also found that using Local Data Mode with the “Allow Map Services” featured enabled, which gives operators additional situational awareness during flight, resulted in data sent and received only to a trusted third-party American mapping provider, Mapbox. FTI’s assessment also confirmed that DJI employs various security best practices.”
How Local Data Mode Works
DJI drones are controlled by flight control apps which operate on smartphones or tablets either by themselves or in connection with a remote-control unit. They routinely communicate over the internet with servers from DJI and third-party service providers. Through these communications, the apps check for software and firmware updates, and also obtain relevant localized data for flights, including maps to display on the app screen; geofencing restrictions including government-issued temporary flight restrictions; radio frequency and radio power requirements for the flight region; and other information that enhances flight safety and functionality.
There are two options for enabling Local Data Mode, namely enabling Local Data Mode only and enabling Local Data Mode together with the map service request. Turning on Local Data Mode stops all DJI app communications to and from the internet, helping assure drone operators that all data remains local and entirely within their control. When operators want to use the network-based mapping services available through DJI’s apps under Local Data Mode, they can enable the “Allow Map Services” feature to access them, which allows internet communications only with the server of American map services provider Mapbox. Other apps on a smartphone or tablet are not affected by the use of Local Data Mode.