[magic_hamster]

They are absolutely right to do this, and private users should be wary as well.

DJI's application (Mimo) has been banned from the Android Play Store for some time, with no explanation given by DJI. They offer an APK to side load, which is completely unsupervised, and requires access to your phone's accurate location and other invasive permissions no matter which of their products you are using.

This is an important detail. Your phone location might be helpful when using drones (though GPS should be on the drone, not your phone) but there is absolutely no reason to use it for something like a phone stabilizer, which it absolutely requires and will not let you continue unless you turn it on.

I did not reverse engineer their application but I will be surprised if there isn't a copious amount of data being sent to the back office.

You might not care as an individual, but then maybe ten years from now you will visit China, and they might know about you more than you're comfortable sharing.

As a side note, Aljazeera is comically ridiculous: https://imgur.com/a/HnbLy4O

[i_am_jl]

I haven't been keeping up with the legislation updates, but the FAA's proposal for positional reporting required the drone to report the location of the drone and the pilot. It seems to still be their objective under "Why do we need RemoteID" https://www.faa.gov/uas/getting_started/remote_id/drone_pilo...

>Remote ID helps the FAA, law enforcement, and other federal agencies find the control station when a drone appears to be flying in an unsafe manner...

To be clear, I don't support this implementation of RemoteID proposed by the FAA, and I don't like that the DJI app doesn't allow granular control over permissions. I fully support the Feds' efforts in sanctioning DJI. However, I think it's important that we level reasonable criticisms at DJI for behavior that they're capable of changing.

[Rebelgecko]

Some of DJIs drones are small enough that they wouldn't have to follow that rule (the pilot GPS requirement is only for drones that are required to be registered with the FAA, aka those heavier than 250g. DJI very intentionally has a line of drones that weigh something like 248g)

[i_am_jl]

Yep, the Spark and the Mavic Mini series are all exempt from registration and RemoteID as they're 249g on the nose.

I'm just pointing out why the DJI app may need the capabilities that it does, but you're right, for many users who will never own a >250g DJI drone, that permission will never, ever be necessary.

[magic_hamster]

This point came up in another comment, and it's definitely reasonable - but I still don't see why DJI would require your location when using products other than drones, which they do. And as I noted before, they are providing an app which has been axed from the official store. Aside from this, as I'm sure you're aware, any information that DJI collect has a nonzero chance of being handed over the the Chinese authorities for any reason whatsoever.

[photochemsyn]

This is a fairly broad problem across the whole phone app world, isn't it? For example, I bought an iOS app for LAN analysis, but then deleted it when it turned out it wouldn't work unless you gave it access to your physical location (I assume that was for their data marketing side business).

Also, any data information collected by a US company also has 'a nonzero chance of being handed over to the American authorities for any reason whatsoever'.

The only real solution is data protection laws that can be enforced not just by governmental authorities, but also by individual and class-action lawsuits against companies that violate those laws.

[sofixa]

> This is a fairly broad problem across the whole phone app world, isn't it? For example, I bought an iOS app for LAN analysis, but then deleted it when it turned out it wouldn't work unless you gave it access to your physical location (I assume that was for their data marketing side business).

I don't know how iOS works, but on Android location data permissions are requested for anything involving networking (including Bluetooth, WiFi). Why? Because access to those could be used to estimate where the user is physically located, so gating it behind the location permission is a good way to ensure nobody exploits that. It's not necessarily obvious when you're presented with the permission screen though.

[magic_hamster]

If it's really a case of gating permissions, I still don't like it.

I used a few apps that utilize Bluetooth without asking for location, even when they aren't the obvious use case (like headphones), although admittedly it's been a while since then.

Afair, I don't recall the Mimo app asking me to turn on wifi for the stabilizer. But maybe yes and I just turned it off after connecting to the device. The operation of the stabilizer is through Bluetooth.

[squeaky-clean]

For the majority of smartphone's existence no permission was necessary, probably because no one ever considered it. Then it was learned stores, for example Target, were using their mobile app to broadcast Bluetooth signals in order to track shoppers movement around the store. So around 2019 Android added it to the general location permission to use Bluetooth for anything other than audio transmission to/from a paired device if device pairing is handled by the OS, hidden from the app.

In late 2021 Android changed it to a separate "ACCESS_FINE_LOCATION" permission, while Apple still keeps it under the general bluetooth permission (while the popup mentions it can be used to track your location).

[magic_hamster]

> This is a fairly broad problem

Permission greed is definitely an issue but it's still the choice of every developer, and there are still plenty of apps that do not do this. You were right to refuse using the app if you don't trust it.

> Handed over to the American authorities

At least on paper they need to have a reason, unless the corporation is very accommodating which also happens. But some companies are more strict about this and at least in theory accessing private information is not as easy in western countries. Or so I'd like to believe. I'm not sure in China you can tell the government official to come back when they have a warrant in a meaningful way.

> The only real solution is data protection laws

Sign me up! Unfortunately, the current state of things makes a lot of money for some parties, and legislators don't really have an incentive to do anything about this. However, it sends a very clear message when the Pentagon closes the door on some companies or when certain vendors like Huawei or ZTE are banned altogether.

[myself248]

> At least on paper they need to have a reason,

No they don't.

They need a reason to get a warrant. But if they simply buy the data from a broker, they don't need any reason at all, and there is utterly no oversight.

[ryandrake]

> Permission greed is definitely an issue but it's still the choice of every developer, and there are still plenty of apps that do not do this. You were right to refuse using the app if you don't trust it.

In fact, at least for Apple, their app store guidelines have, for a long time, prohibited apps from refusing to work without permissions. The app is supposed to gracefully degrade if the user does not consent to any particular permission. Their language seems to have softened[1] a bit since I last looked at it, but the intent is pretty clear: The developer can't just kill the app or prevent it from being used just because someone denied a permission.

1: https://developer.apple.com/app-store/review/guidelines/

[WrtCdEvrydy]

> but then deleted it when it turned out it wouldn't work unless you gave it access to your physical location (I assume that was for their data marketing side business).

In order to use bluetooth or internet access through wireless means you must request location access because it's assumed that you can match a person's location with the access points and bluetooth devices around them (BL beacons). It sucks but Android is semi-right on it. Something that doesn't use wireless means of communication doesn't need location access.

[dTal]

That seems a bit broken. The permission to send data over the network should be distinct from the permission to know the name of the SSID.

[happyopossum]

iOS handles this differently - there is a distinct permission for accessing local networks and devices, and another for location. Within location, you can choose precise or vague.

[squeaky-clean]

Sort of off-topic complaint, but I wish Apple didn't make the Precise Location permission status viewable by apps. There's no reason they need to know if I'm obfuscating my location from them, and many apps look for this setting and refuse to work with Precise Location disabled.

For example the McDonald's app doesn't allow you to use coupons unless you enable the precise location permission.

[WrtCdEvrydy]

So android provides "coarse" or "precise" which maps to "wireless" or "gps" but the prompt tells you the app can get your location for either one.

[LeifCarrotson]

> I assume that was for their data marketing side business

You're confused: Their primary business is data marketing. LAN analysis or anything useful the apps might do are a side business at best.

[petre]

If one wants to fly a drone in an unsafe manner they build a FPV drone themselves as opposed to buying an off the shelf regulated product with builtin geofencing.

[ceejayoz]

> GPS might be helpful for drones (though it should be on the drone, not your phone) but there is absolutely no reason to use it for something like a phone stabilizer, which it absolutely requires and will not let you continue unless you turn it on.

It’s for the flight restriction system. Won’t let you fly near schools, power plants, airports etc.

[magic_hamster]

This might not be the best way to go about it because what you care about in this scenario is the location of the drone, not the operator, who might stand outside the no flight zone. Which is another reason to use the drone's GPS signal in the app instead of your phone location.

Either way when using a drone they will know your location, but there's no reason to let DJI access this information when using every single product they make.

[mbreese]

It might download a new restriction zone set based upon where the operator is. Without knowing anything about the internals of the drone, it would not be possible for the drone to have a full set of restricted areas for the planet. They change, get updated, etc…

For a drone, I understand the requirement. If you are using a drone, giving up your personal GPS location isn’t a big ask. You must be within sight line of your drone and the FAA may have a legitimate reason for knowing your personal location. (For most uses)

[kayodelycaon]

I don't see why a drone couldn't have a massive set of lat-long boundaries unless disk space or CPU is severely limited. Text doesn't take up much space.

[thetinguy]

The list of restricted airspaces is not static.

[twawaaay]

The drone can refuse to takeoff or fly into restricted space based just on its own GPS. It absolutely does not require to track the pilot.

[aardvarkr]

But then how would they be able to sell your location data? It’s a crucial revenue stream! /s

They do sell a tool to police and governments that allow them to track drone operators. The Ukraine military uses drones extensively to monitor the Russians from the air and assist with artillery accuracy but any time they would launch a dji drone Russia had access to that software and would send an artillery shell to the pilots location.

[orangepurple]

Russians, like Ukrainians, and all other government forces in the world, have extensive experience triangulating transmitted signals in warzones. Considering that these drones rely on bidirectional communication, it is obvious where the pilot is without hacking DJI. A drone operator in a warzone appears like an active microwave oven with its door stuck open operating from a deserted area. Militaries can triangulate those signals for decades.

[twawaaay]

Exactly.

During WWII the already had radars enough to detect periscopes sticking out of sea surface from tens of miles.

They were also able to triangulate subs by their short transmits anywhere on the Atlantic with pinpoint precision.

People very much underestimate technical military capabilities.

The issues with militaries are of a different kind -- sifting through deluge of information, prioritising, making right inferences, etc., not the ability to spot and triangulate the enemy.

[orangepurple]

I think periscope detection is only possible since the 1970s

  The opportunity to detect periscopes was exploited in early radar experiments that prompted the development of the AN/APS-116 radar manufactured by Texas Instruments in the 1970s. The AN/APS-116 is an Xband, high-resolution, fast scanning system developed specifically to provide a periscope detection capability on the carrier-based S-3 aircraft. The AN/APS-137 is an upgrade of this radar used primarily on the S-3; a limited number are also used on the land-based P-3 aircraft.

https://www.jhuapl.edu/Content/techdigest/pdf/V18-N01/18-01-...

[ceejayoz]

Not all DJI drones have a GPS.

[WrtCdEvrydy]

On Android, anything that can broadcast a signal (bluetooth/wifi) require location, at least coarse.

I'm not saying DJI isn't spying on everything but that's probably the reason. This is hilarious in hindsight because for years, you had to give an app call access so they could monitor if a call was incoming (for pausing a game for example)

Edit: It also looks to be a GDPR ban.

[notatoad]

>anything that can broadcast a signal (bluetooth/wifi)

it's the opposite - anything that can read a signal that has been broadcast by another deivce requires location permission. which makes sense, because if you can poll for nearby wifi networks or bluetooth beacons you can determine location, even without using the GPS hardware.

[xani_]

Yeah, makes sense from "not confusing users" perspective.

"This app only needs wifi network list, it isn't spying on me" would be easy mistake to make

[WrtCdEvrydy]

so Android permissions actually separate coarse and precise but the prompt for location is the same whether you request one or the other.

[mschuster91]

> GPS might be helpful for drones (though it should be on the drone, not your phone)

Actually, for the new EU regulations, you need to broadcast both the position of the drone and of the operator, at least for everything above class C1 ("remote ID", see [1]).

And in any case, drones without working GPS are not fun to fly. DJI's Mini 3 Pro (and its larger friends) can do by using the collision-avoidance stereo cameras, but others I wouldn't dare risk running indoors.

[1] https://www.drohnen.de/20336/drohnen-gesetze-eu/

[magic_hamster]

While this is interesting (broadcast to whom exactly?) my main point is that DJI demands access to your smartphone location even for products that clearly have no use for this information, while giving you a sideloaded app which is banned from the official store. To me, these point to a trust issue.

[mschuster91]

> While this is interesting (broadcast to whom exactly?)

It's hard to find any information about how Remote-ID is supposed to work, but in theory the ID packets are sent by WiFi NAN and Bluetooth so that they can be received by anyone in the radio range (which is quite important for authorities to track down violators, e.g. people flying around hospital helipads). Unfortunately, current phones seem to lack support hardware-wise (see [1], page 6).

[1] https://www.cencenelec.eu/media/CEN-CENELEC/Events/Webinars/...

[sgtnoodle]

I'm not familiar with the EU side of things, but I am familiar with the FAA's regulations in the USA.

The FAA hasn't specified an implementation. It's on the manufacturer to come up with a means of compliance, and then get the FAA to sign off on it. There is a standard put out by the ASTM, which is heavily based on an open source project, OpenDroneID.

The standard moved away from NAN in the draft phase, in favor of vendor elements in 802.11 beacon frames. You can choose 802.11 or Bluetooth Low Energy. If you choose 802.11, 2.4ghz is required and 5ghz is recommended. If you choose BLE, v4 is required, and doing v5 as well is recommended.

[phpisthebest]

>which is quite important for authorities to track down violators

no, it is not. it is yet another power grab by the FAA and federal authorities to increase the surveillance state.

I should not be required to broadcast my signal to the federal government to prove I am not going to commit a crime, that is the exact backwards of how the legal system is suppose to work

[mschuster91]

> I should not be required to broadcast my signal to the federal government to prove I am not going to commit a crime, that is the exact backwards of how the legal system is suppose to work

You're participating in airspace, and if you want to participate in airspace you have to comply with the rules for participation to not endanger others.

In ye olde times, you had to do a pilot exam, and planes and choppers were/are expensive and had to transmit ADS-B information both for air traffic security and for keeping track of abuse. If you were caught abusing your privileges, you lost your license.

Why should drones be exempt of these rules, particularly as they are mass-market things (unlike airplanes) and thus the chance of them getting abused is far higher?

[phpisthebest]

None of that is true, there were always exemptions for Model Planes, Ultra Lights, etc.

Further this assume that I agreed with the "ye olde times" regulations, I dont. I largely disagree with all federal regulations for a multitude of reasons even going to the very basic that no where in the US Constitution is the FAA an authorized role of the federal government, at most it should be a state law not a federal law

[tunap]

While I initially balked at buying such spywares, I did break down and buy a Mini 2 last year(it's awesome!!!). I side-loaded the app on an old phone, sans SIM, with a pristine LOS install. Connected it to wifi to register & immediately put the phone in Airplane Mode.

Been meaning to research how to independently flash the drone's firmware offline to wipe collected data, but haven't delved into that yet. Any suggestions welcomed!

[mym1990]

Wouldn’t the GPS on phone be primarily so that the drone knows where to go in case of emergency? I have also used a drone to follow me while on a bicycle or in a car…it seems like the phone would need GPS there as well.

Wondering if GPS on the drone would dramatically affect battery life as well?

[magic_hamster]

> where to go in case of emergency

In case of emergency, drones just land where they are, or they could try to go back to the point of origin. Depending on the emergency, the drone might lose connection with the operator, in which case your own location is not very useful. I didn't run into emergencies lately but usually as far as I know the operator sets out to retrieve the drone.

> Wondering if GPS on the drone would dramatically affect battery life as well?

The vast majority of consumer drones already have GPS (on the device) today.

> have also used a drone to follow me while on a bicycle or in a car

It's more likely the drone follows you with computer vision although GPS could potentially help if the drone completely loses you. I imagine your phone location will be more helpful in pointing out the general direction than actually getting you in the center of the shot. It's not that accurate, and there are more variables at play like the vertical angle.

[mynameisvlad]

> In case of emergency, drones just land where they are, or they could try to go back to the point of origin. Depending on the emergency, the drone might lose connection with the operator, in which case your own location is not very useful. I didn't run into emergencies lately but usually as far as I know the operator sets out to retrieve the drone.

The default setting on connection loss is "return to home" with hover or land where you are as options. "Home" is a constantly updated location (sent from the controller to the drone) if you move, which, as another person mentioned, is absolutely critical in some scenarios like being on a boat where your position updates constantly.

As another person also mentioned, EU and FCC regulations will also require Remote ID, which broadcasts the drone's and operator's GPS positions. The latter is used if you did something bad and need to be spoken to.

Drone usage is somewhere where location is absolutely needed, especially for critical situations where you want your drone to not be lost forever (and so the government can slap you on the hand in person if you did something bad).

[justsomehnguy]

> or they could try to go back to the point of origin.

Great idea you if origin was on the boat.

I don't know why you all on the fence here, even I, who never used those drones, understand what first and foremost it is for the ability for the drone to return to the current/last known position of operator.

Yes, it could be used to send your location directly to CCP's secret service, but you can't have the GPS and eat^W don't have it too.

[mym1990]

I think the drone landing where it is could be pretty catastrophic given that the drone really doesn't know what is below. Pilots routinely fly over large crowds, traffic, water, etc... and a drone with no controller just landing into one of those things is pretty dangerous. The drone doesn't necessarily need to have connection with the pilot at all times, but if it has a reference for the last point of contact, it can be helpful to guide it back to a known location.

Touche on the computer vision point!

[RosanaAnaDana]

I wonder if its actually for a dgps application.

Two GPS signals, two clocks, wireless signals being transmitted. You might be able to do a time differential offset/ correction to get a much higher accuracy relative position (drone and phone are very confident in their relative positions).

[resoluteteeth]

> GPS might be helpful for drones (though it should be on the drone, not your phone) but there is absolutely no reason to use it for something like a phone stabilizer

Wouldn't the app need GPS permissions just to show you where the drone is on a map, etc.?

[donkeyd]

No, it doesn't, since the drone will show you where the drone is. For your own location relative to the drone, it is though. You can do without, but just showing home (take off) location on the map is not ideal.

[magic_hamster]

> Wouldn't the app need GPS permissions just to show you where the drone is on a map?

How so? The drone can send its own location. The app might show you your location on the map, but that's not mandatory for operating a drone. It is a good user experience, I admit, but you can operate drones without this.

And it doesn't explain why phone stabilizers require location access. Tried it myself with the OM 5.

[jetanoia]

fyi the aljazeera screenshot doesn’t show the dji article - just a cookie disclosure. Was the ‘ridiculous’ part in the article? Or their saying that the cookie gives “voice to the voiceless”. (Which is funny)

[magic_hamster]

You can barely see the title behind the cookie popup and the "live" section, which is one of the worst examples I've seen for these annoying practices.

Thankfully Firefox on Android has the "reader mode" available right next to the url.

[collegeburner]

it's ridiculous that the propaganda arm of a totalitarian illiberal petrostate claims to "give a voice to the voiceless" or "promote truth and transparency". i also really dislike them because their "aj+" brand puts out heavily left biased faux-intellectual junk similar to vox or buzzfeed which makes me want to punch through a wall regardless of who puts it out.

[lom]

It’s ridiculous that the cookie banner takes that much space. The site is pretty unusable like that.

[coldtea]

That's the whole idea, that is should be if not a modal, then like a modal, to get a response from the user before proceeding with the site.

Nothing ridiculous about it (except the GDPR law itself). Many news websites do it even bigger, or hide the whole screen with a modal white overlay.

[jon-wood]

GDPR does not mandate huge banners for every use of cookies. Those banners are mandated because the website in question wants to share information gathered on you with, in the case of most news websites, hundreds of third parties in order to make a little bit more money from advertisers.

[brewdad]

So pretty much the same as every other news site on the planet? I guess I'm not fully understanding why the OP is specifically calling out Al Jazeera here.

[ThePowerOfFuet]

> As a side note, Aljazeera is comically ridiculous: https://imgur.com/a/HnbLy4O

You were not kidding. Wow.

[inphovore]

> Aljazeera is comically ridiculous

Aljazeera is a model of journalism excellence and integrity!

Is this about their cookie warning? They’re obligated to say something.

If you don’t take their journalism seriously, you deceive yourself!

[alasdair_]

>Aljazeera is a model of journalism excellence and integrity!

There are really two versions of Aljazeera. The Western-facing one is pretty good (although it sometimes has Russia Today vibes on certain topics). The non-Western version is tabloid nonsense.

[magic_hamster]

> Aljazeera is a model of journalism excellence and integrity!!!

I might have been able to respond to this proclamation if I could find their damn website under all the popups and consent modals.

[namlem]

Al Jazeera runs a ton of Qatari propaganda and their Arabic version is especially full of it.

[xani_]

>This is an important detail. Your phone location might be helpful when using drones (though GPS should be on the drone, not your phone)

I'd imagine it would be important for "come back home" like functionality in case drone loses signal or whatever

> but there is absolutely no reason to use it for something like a phone stabilizer, which it absolutely requires and will not let you continue unless you turn it on

App making photos or movies using GPS to tag location of the photo is kinda common. Refusing to work without it would be sketchy tho, but "developer is kinda incompetent" is common enough...

Not saying it isn't malicious but those are easier explanations.

Hell, it could require permissions and not send the data now, just add that tracking in update...

[AdrianB1]

The "come back home" functionality relies on the GPS on the drone, but the "follow me while filming" needs the phone's. I saw quite a lot of motorcycling vlogs using that feature.

[brokenmachine]

Correct me if I'm wrong but I thought the follow me is visual.

I doubt the phone GPS would be accurate enough to keep you in frame - remember, if you were only using GPS for tracking like that, then you're getting both the error of the phone GPS as well as the error in the drone GPS.

I've only really seen it in action on a DJI mini 3 pro.

I believe you can do follow me from the controller without a phone involved at all.

[MaxikCZ]

definetly vision based