Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

FYI: Drone maker DJI's 'Get it on Google Play' website button definitely does not get the app from Google Play...

Quadcopter slinger rudely palms folk off to .apk download

Updated Drone manufacturer DJI is under fire because the "Get it on Google Play" button on its website for its smartphone app does anything but that.

An anonymous reader pointed El Reg on Thursday to a GitHub-hosted page outlining how users on Android devices who click the "Get it on Google Play" button on DJI's Spark software download page, and via a QR code, are not redirected to Google's official store as expected – but instead to a DJI server that gives them the Android version of the drone controller software.

El Reg has verified for itself that this does indeed happen when you hit the website's button.

This is not particularly brilliant because the app may not have gone through the Google Play store's usual round of checks for malicious code, not that these checks are perfect. It also encourages netizens that it's OK to trust any old software installer downloaded to their phone. The same concerns popped up when Fortnite snubbed the store in August.

"Clicking on the link downloads the DJI Go Android app directly from DJI's servers – not from Google Play," the GitHub page, created by an anonymous person, explained.

"The intent here isn't for people to be clicking on the 'Get It On Google Play' image in browsers, but rather tapping on the safe looking 'Get It On Google Play' via their Android devices."

Oddly, we're told DJI maintains its software on the Google Play store and the iOS App Store, so users who go through those services directly themselves will still get the software through Google or Apple, respectively. It is only the website's download page itself where the hosted version of the app is served up to Android devices. Which should set off alarm bells: what's so special, or unwanted, about this off-store download?

dji

Yes, drone biz DJI's Go 4 app does phone home to China – sort of

READ MORE

We've asked DJI for some explanation as to what was going on, and a spokesperson said they'd look into it for us. However, at the time of publication the company had yet to provide its side of the story.

The fear, as the anonymous report notes, is that users who think they are getting an Android app that has been vetted and screened by Google are instead getting software via a side channel.

We understand that Google has been informed of the activity, but had yet to take any action. Interestingly, the application .apk served up by DJI's page does appear to vary slightly from what is in the Play Store.

"At first glance, there are definitely differences between DJI's .apk, and Google Play's .apk," the anonymous prober concluded. "Configuration files are present in the DJI version that aren't in Google Play's version."

Thus far there's no indication the website's download is unsafe, however, the fact that DJI is choosing to steer its customers away from the Google app bazaar via a side channel is strange, to say the least.

We will update this story should we hear back from DJI. ®

Updated to add

A spokesperson for DJI has been in touch to say the button link was an accident, and it'll be corrected to point to the Google Play store.

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like