DJI, the world’s leading drone maker, has officially released the 2025 edition of its Drone Security White Paper — a comprehensive update that consolidates years of progress in bolstering the safety, privacy, and integrity of its drone ecosystem. The white paper, first published in 2020, has evolved into a crucial reference for enterprise users and public agencies seeking clarity on how DJI ensures data protection and operational reliability in its drones.
This year’s update reflects DJI’s ongoing commitment to responsible innovation amid heightened scrutiny, especially in the United States, where security concerns about foreign-made drones remain a hot-button issue. The 2025 edition includes enhanced technical protections, privacy controls, results of third-party audits, and a significant milestone: ISO 27701 certification for DJI FlightHub 2, bolstering the platform’s credentials in privacy information management.
More: This new DJI drone can carry 80kg, charges in 9 minutes
Privacy by design, control by the user
A central theme in the white paper is DJI’s belief that users should remain in control of their data. Whether you’re a hobbyist flying a Mini 4 Pro or an enterprise operator using a Matrice 400, DJI builds privacy controls directly into its systems.
For example, personal information provided during account registration — like names and email addresses — is protected using AES-256 encryption. Enterprise users can also activate “Local Data Mode,” which severs all internet connections from the drone’s app, ensuring data doesn’t leave the device even by accident. Operators can fly and update their drones completely offline and set secure, non-decryptable passwords to access stored media.
Consumer users in the US will also note a significant change: since June 2024, DJI drones operated in the United States no longer have the option to sync their flight logs to DJI servers, reducing the potential for remote data access.
Device security: Starting at the chip level
The paper dives deep into how DJI drones protect data at the hardware level. DJI’s approach begins with the Trusted Execution Environment (TEE) — a secure area of the processor that manages encryption keys and firmware verification. Complementing this is the FIPS-certified DJI Core Crypto Engine, which ensures data encryption and secure firmware updates.
Secure boot processes make it impossible to load unauthorized firmware, and RPMB-based secure storage ensures critical data like serial numbers and device certificates cannot be tampered with. Even debug ports are disabled out of the box to prevent unauthorized access.
Application hardening and SDK oversight
Flight apps such as DJI Fly and DJI Pilot 2 undergo rigorous security hardening, including dynamic runtime protections, encryption of local files, and anti-tampering mechanisms. DJI also outlines how its suite of Software Development Kits (SDKs) — including Mobile, Payload, Edge, and Thermal SDKs — are designed with built-in security mechanisms and limited network interaction.
Notably, DJI offers developers the ability to build apps that operate in Local Data Mode. After initial activation, these apps sever all internet connectivity, further enabling secure deployments in high-sensitivity environments.
Communication security: OcuSync and 4G protected
To safeguard real-time data transmission, DJI uses a multi-tiered communication security framework. Its proprietary OcuSync protocol is encrypted using AES-256 with unique session keys generated upon each power-up, thwarting eavesdropping and hijacking attempts.
For remote operations via DJI Dock or enhanced 4G transmission links, the company deploys mutual authentication between devices, ensures end-to-end encryption, and uses device certificates to prevent unauthorized access. DJI’s design ensures that even near-field and remote hijacking attempts are neutralized.
Cloud and offline data management
DJI provides operators with multiple data storage choices, including DJI FlightHub 2 On-Premises, a private-cloud alternative where organizations can manage all drone data internally — no external servers required. This aligns with growing global demands for sovereign data control, especially in sectors like energy, public safety, and infrastructure.
The 2025 white paper also clarifies where DJI stores user data depending on location: US-based operators use American cloud servers, while others may use servers in Japan or Europe, depending on their product and usage.
Independent audits and certifications
DJI continues to invest in third-party validation of its security architecture. Since the previous white paper release, the company has completed a 2024 audit by US-based FTI Consulting, and in 2025, secured ISO 27701 certification for FlightHub 2 — a privacy-focused extension of the well-known ISO 27001.
These certifications join an already robust list, including FIPS 140-2 for cryptographic modules and ISO 27001 for information security management.
Bug bounty and community collaboration
DJI was the first drone manufacturer to introduce a Bug Bounty Program, and it remains a cornerstone of its collaborative security approach. Since 2017, researchers have been encouraged to responsibly disclose vulnerabilities in exchange for rewards ranging from $50 to $30,000, depending on the severity.
This open-door approach is part of DJI’s broader commitment to transparency and dialogue. The white paper explicitly acknowledges the importance of ongoing feedback from the drone community and commits to continual updates and refinements based on real-world experience.
Meeting the moment
As global regulators increasingly focus on drone security — and as the US weighs restrictions on Chinese drones — DJI’s 2025 white paper appears not just as a technical document, but as a strategic reassurance. It’s a message to users and lawmakers alike: the company isn’t waiting to be told to take security seriously. It’s been doing the work all along — and is willing to be held accountable for it.
With detailed technical breakdowns, user-friendly summaries, and a growing list of privacy certifications, DJI’s updated white paper offers a window into how modern drones are being built not just to fly — but to fly responsibly.
To explore the full scope of DJI’s security architecture and see exactly how your data is protected, you can download and read the complete 2025 DJI Drone Security White Paper here. Whether you’re a drone pilot, IT decision-maker, or public agency, this resource provides valuable insight into what secure drone operations look like today.
More: DJI Mini 3 drone sees rare price cut amid US supply crunch
FTC: We use income earning auto affiliate links. More.
Comments