1.4.8 Android

Glad you're leaving. BTW - worked IT Security as well pal. Go play with Parrot, Autel, Yuntec, or others. Won't be missed here with that kind of attitude. HOLIER THAN THOU!
All you have are personal attacks? Not surprising. Do come back when you have something of value to add.
 
Worlds apart or not, you seem to think that the security provided by Apple's refusal to allow sideloading works. So your suggestion is to REDUCE the security that you already think is lower on Android, by bypassing what checks and balances DO exist in the app store validation?

And I agree, along with Tim Cook, that I am indeed using the wrong device. DJI put themselves in that position, not me, or Android. Luckily, DJI offers me nothing that is of greater value to me than my security and privacy.

I suppose Tim Cook is using the wrong device too if he believes it, which he clearly does.
I am confused: on one hand, Tim Cook is good by not wanting side-loading for an iPhone for security's sake, and then on the other hand, you suggest he's using the wrong device. You can't have it both ways. And I did not imply that Apple not allowing side-loading reduces security; not even sure how you get there with what I wrote.

On the other hand, if you intend to use Android devices, you have limited options on where to get your apps: you can use the Play store, which is not really trustworthy to begin with, or whatever other options may be available. To me the product website would be more trustworthy than other sources for needed Android apps related to whatever product. But I guess it's your call.
 
Thank god, there's still some civil discourse out there =)

My implication isn't intended to be that Tim is on the wrong device as in iOS/iPadOS, macOS, etc. (or Android, or the variant that Huawei had to fork because of the USDOJ idiocy in recent times, etc.) DJI is the one in the wrong.

Apple's app store has developed a good reputation by layering security. Code validation before publishing is one (which Google does, regardless of how well (or not) it does it compared to Apple.)

Another key is that those checks are meaningless if apps don't go through them, and are simply downloaded and installed via sideloading. The entire point is 3rd party checks and balances... someone that is NOT the end user, or the app developer. Bypassing that third party (in this world, the respective app store for the platform) completely eliminates that 3rd party from the equation. And unfortunately, this isn't like the world of Linux/open source development where there are hordes of programmers eyeballing that source code and sharing their findings with the community at large. That 3rd party check is crucial for the entire ecosystem.

Again, that's why Apple adamantly refuses to allow sideloading (and, let's be honest, there's a fiscal and iron-fist control aspect too.) It's also why Android hides the ability to enable sideloading behind nerdy multi-taps to enable developer mode, so that only those who actually understand the risks (in theory...) would actually go down that rabbit hole. (It also allows Android devs to do their work without paying for a 'developer account', which is likely the only reason they even have the ability to enable sideloading baked in.)

Trustworthiness of any given ecosystem app store is absolutely a valid concern, and Google is indeed seen as lagging behind Apple in this regard. But I'd sooner use Kwikset (Android validation) deadbolts on my home than use none at all (sideloading.) Not everyone wants, can afford, or cares about Assa Abloy locks (Apple.)

And for full disclosure, I ADAMANTLY hate Apple, despite getting my start into the tech world at a young age on my very own Mac, in the era of macOS 7.5.1, and despite the fact that most of my replies to this thread were typed up on an iPad Pro (that M1 chip is indeed impressive, handling 8k video from my R5 that my 8 core Ryzen desktop would cower under.) Replies beyond that have been on my Galaxy S21, and this one is now on a Win10 machine.

I'll clearly use the best tool for the job at the moment, and that I have access to, regardless of where it came from, so this is definitely not an android vs apple vs whatever issue for me.

This is an issue of DJI choosing to willfully bypass the Android app store, for still-unknown reasons. Despite the fact that they seem to be capable of passing the checks in their i-coded apps on the Apple app store.

If they were enabling some kind of functionality that isn't possible in iOS, or for that matter, via an app that can pass the Google play store checks, that might be a reason perhaps. But I'm not aware of anything like that happening here (and even then I wouldn't be a fan, even though I'd at least understand the reasoning.) Instead, DJI has chosen to simply opt out of the best practices world and quietly point people to a website to start bypassing them.
 
The question is whether DJI is one, bypassing the Android (Google Play Store) because they want to, or two because Google is not allowing them to use it.

The next part is assuming that just because DJI does or has to post their own software on their own site for download, makes it less secure than posting it on a completely insecure and mostly useless Google Play Store.

And at some point, hanging on to Apple issues dating back to Mac OS 7.5 in 1994 or however that works, seems odd; using the best tool for the job is a good way to go. But making assumptions that something is bad without any real proof is not good either. You're assuming that DJI is doing something bad with posting their own software on their own download site, when the alternatives are clearly no better.
 
That is indeed a very good question and one that needs to be answered. Why DJI chooses not to be forthcoming with the answers is as much an unknown as the answer itself.

In security, assumption of trust is NEVER the default, nor should it be. That's how bad things often start. That said, nothing I say should be taken as me declaring that DJI *is* doing anything nefarious, because there's simply no evidence in either direction. But it does flag it as a valid concern, and software that has NOT undergone any 3rd party review. Again, I'll take the Kwikset review over no review every single time. I also don't consider that validation to be 'completely insecure', nor do the ITSEC professionals who delve a lot deeper into this than I ever will, and greenlight that process as part of a security baseline for Fortune 500 companies. Is it as good as Apple's? Even I don't think so. But that alone is not a valid reason to bypass it.

And I'm not hanging onto any issues from the 90s. On the contrary, I loved macOS back then. Enough to make a career out of technology. I also hadn't learned how badly Jobs screwed Wozniak yet.
 
Does that mean you don't download any software from any company's web site? If you want to be safe, use the same protection that you do on your computer and run a virus check on the apk or have it checked by an on-line service.
 
Decided to run the apk through one of the on-line virus checkers. Here are their results:

No security vendors flagged this file as malicious.

Undetected: Ad-Aware, AegisLab, AhnLab-V3, Alibaba, ALYac, Antiy-AVL, Arcabit, Avast-Mobile, Avira (no cloud), Baidu, BitDefender, BitDefenderFalx, BitDefenderTheta, CAT-QuickHeal, ClamAV, CMC, Comodo, Cyren, DrWeb, Emsisoft, eScan, ESET-NOD32, F-Secure, FireEye, Fortinet, GData, Gridinsoft, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kaspersky, Kingsoft, Malwarebytes, MAX, MaxSecure, McAfee, NANO-Antivirus, Panda, Qihoo-360, Rising, Sophos, SUPERAntiSpyware, Symantec, Symantec Mobile Insight, TACHYON, Tencent, TrendMicro, TrendMicro-HouseCall, Trustlook, VBA32, VIPRE, ViRobot, Yandex, ZoneAlarm by Check Point, Zoner
 
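Added example, not part of any post in this thread: alongside the antivirus scan above, a local check of a directly downloaded APK that computes its SHA-256 and reports which APK signature schemes (v1 JAR signature, v2/v3 APK Signing Block) are present. The sample bytes are constructed in `build_sample` with dummy signer data; presence of a scheme is not verification, which `apksigner verify --print-certs` from the Android SDK build tools performs.

```python
import hashlib
import io
import struct
import zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"                # trailer of the APK Signing Block
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}  # signature scheme block IDs


def central_directory_offset(data: bytes) -> int:
    """Read the central directory offset from the ZIP End of Central Directory."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("not a ZIP/APK: no End of Central Directory record")
    return struct.unpack_from("<I", data, eocd + 16)[0]


def signing_block_schemes(data: bytes) -> list:
    """Return the v2/v3 scheme entries found in the APK Signing Block, if any."""
    cd = central_directory_offset(data)
    if cd < 32 or data[cd - 16:cd] != APK_SIG_MAGIC:
        return []                                   # no signing block before the directory
    size = struct.unpack_from("<Q", data, cd - 24)[0]
    start = cd - size - 8                           # leading size field is not counted in size
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size:
        raise ValueError("malformed APK Signing Block")
    pos, end, found = start + 8, cd - 24, []
    while pos + 12 <= end:                          # each pair: uint64 length, uint32 ID, value
        length, pair_id = struct.unpack_from("<QI", data, pos)
        if length < 4 or pos + 8 + length > end:
            raise ValueError("malformed ID-value pair")
        if pair_id in SCHEME_IDS:
            found.append(SCHEME_IDS[pair_id])
        pos += 8 + length
    return found


def inspect_apk(data: bytes) -> dict:
    """Hash the file and report which signature schemes are present (not verified)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.upper() for n in zf.namelist()]
    v1 = any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC")) for n in names)
    schemes = (["v1"] if v1 else []) + signing_block_schemes(data)
    return {"sha256": hashlib.sha256(data).hexdigest(), "schemes": schemes}


def build_sample(with_block: bool) -> bytes:
    """Constructed stand-in for an APK; the signer data is dummy bytes, not a real signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
    data = buf.getvalue()
    if not with_block:
        return data
    cd, eocd = central_directory_offset(data), data.rfind(b"PK\x05\x06")
    pair = struct.pack("<QI", 12, 0x7109871A) + b"\x00" * 8
    size = len(pair) + 24                           # pairs + trailing size field + magic
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + APK_SIG_MAGIC
    new_eocd = data[eocd:eocd + 16] + struct.pack("<I", cd + len(block)) + data[eocd + 20:]
    return data[:cd] + block + data[cd:eocd] + new_eocd


if __name__ == "__main__":
    print(inspect_apk(build_sample(False)), inspect_apk(build_sample(True)), sep="\n")
```

An empty `schemes` list means the file carries no signature at all; a non-empty list only says a signature is attached, so the signer certificate still has to be compared against the one on the copy already installed.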
You're welcome to trust that there's nothing bad in the app, or that their security internally is super top grade and a 3rd party hasn't injected their own fun into the code. I work in security, and this is simply the most blatant example of bad procedure I've seen from any otherwise reputable hardware vendor.

There's no valid reason for them to bypass the checks of any application store, and even the lord of the flies Tim Cook has made that abundantly clear in recent times. The fact that they have made such a choice is in itself a reason to not trust them, full stop.

And since there is no reason whatsoever to justify paying an Apple tax, buying into that hardware/software realm isn't an option that's worth half a second of consideration.

Direct APK downloads can contain literally ANYTHING, and there is absolutely no 3rd party security validation, or checks and balances.

Wanna buy my M2P since you're okay with this? Luckily for me, there's a DJI store right down the street that will happily resell my used gear, and that's precisely where it's going. It's a great drone, but no drone is worth throwing away the most basic of security for.
Can you give a couple of specific examples of Bad Things that might happen if you go directly DJI?

What are the odds?

Thx,

TCS
 
The Apple App System and Android are worlds apart. However, if you adamantly believe that downloading a file from the product manufacturer's web site is not safe for installation, then you're using the wrong device.
That was sort of my thought too...

TCS
 
There's no such thing as absolute security. Security mitigations need to be based on a comparison of the expected value of the possible harms, to the costs of the mitigation. And inconvenience is a cost.

It's all about the odds. Not all mitigation costs are worth incurring.

I created the IT Security Unit for the State of Nevada, and ran it for a while until I could hire a proper CISO. I know a bit about this too.

:)

TCS
 
Your intensity on this conjures up for me an image of DJI throwing some SW switch, and all the DJI drones suddenly rise up and attack their owners, demanding freedom.

At least, until their batteries run out...

This just doesn't seem very likely.

TCS
 
Personally I would like the choice to upgrade when I want, not have it forced upon me by DJI at the moment before takeoff. I rolled back to 1.4.0, as when I flew with 1.4.8 DJI Fly crashed. Maybe just a coincidence.
 
I'm with you about the update timing. I prefer to do that kind of thing off-line, not when everything is hooked up and ready to go. But when I got a better idea of the level of integration they are doing...drone, phone, controller...it actually makes sense, so I've just resigned myself to it.

TCS
 
It actually is quite difficult to stop the update, but apparently if you tether off your phone it won't update, but when you are back home on Wi-Fi it will, in spite of settings in tablet (mine is Huawei MediaPad 8.4) and app.
 
Hi guys. I've experienced my phone screen going blank and the RTH function on the remote not functioning on my Mavic Mini. It has happened twice after upgrading to version 1.4.8 via OTA/auto update. Has anyone experienced the same?
 