Chinese drone company DJI has removed hot-patching frameworks discovered in its apps by hackers – and is beginning to reveal GPL-licensed elements in its code.
Informed sources told The Register the latest versions of DJI’s Go app, which is the mobile app used for controlling the firm’s drones in flight, have had JSPatch and Tencent Tinker stripped out of them.
As we previously reported, these hot-patching frameworks seemed likely to break Apple and Google’s terms and conditions for their app stores. This was because those two frameworks allow new code to be pushed into the app outside of the mandatory code review process operated by both app store firms.
The company had promised to remove both frameworks by the end of August.
DJI is also revealing some GPL-licensed source code for items inside the Go app. This is a step forward; in the past, the firm had been criticised by some (for example, here) for not doing this. GPL licence terms mean users of GPL-licensed code should, in theory, make source code available for GPL-licensed software that is released to the public.
Drone hacker SasquatchLabs posted on a popular drone forum that DJI had told him: "Furthermore, our engineering team is working internally, and with vendors, to investigate other source code and will provide the status upon completion. DJI has also designated a team to oversee open source software compliance on an ongoing basis."
It appears that the general thrust of the various drone hackers is to secure enough access to the aircraft’s firmware so as to allow modifications that could exclude the possibility of updates from DJI disabling drones made by them.
The conflict is between people who, not unreasonably, believe that paying for something entitles you to full control over it versus DJI, which is increasingly being leaned upon by governments and regulators as some users fly their drones with varying degrees of stupidity.
While DJI’s app includes GPS-based geofencing technology, some users have encountered difficulties in getting these restrictions lifted in specific cases.
Cracking the drone’s firmware so users can modify it would enable users, legitimate and otherwise, to effectively ignore these restrictions. In the UK, geofenced areas cover places such as prisons, airports and, strangely, Stoke City’s football stadium. ®