> A code audit carried out by FTI Consulting was said to have revealed no causes for concern, with DJI posting the exec summary (but not the full audit) on its website as a PDF. It had access to 20 million lines of source code, according to the summary, with analysis focusing on code concerned with “communication protocols and network activity with host infrastructure”.
DJI can pay for all the audits in the world, if they are not trustworthy they can find a way to spy in spite of the audit. Computer and software systems are just too complex to declare clean with audits.
This is a trust problem that DJI simply cannot change in their present state.
An audit means nothing if you have the ability to send and execute custom code to any device which uses your hardware. No one is going to audit an internet connected Windows 98 machine and say "Yup, no malware on here", and expect that to hold true for even a second after the statement was made.
DJI can pay for all the audits in the world, if they are not trustworthy they can find a way to spy in spite of the audit. Computer and software systems are just too complex to declare clean with audits.
This is a trust problem that DJI simply cannot change in their present state.