Dec 072017
 

I was considering buying a drone this year, so I did a little digging and found the DJI Go app requires these permissions:

Device & app history
  • retrieve running apps
  • read sensitive log data
Identity
  • find accounts on the device
  • add or remove accounts
Contacts
  • find accounts on the device
Location
  • approximate location (network-based)
  • precise location (GPS and network-based)
Phone
  • directly call phone numbers
  • read phone status and identity
Photos/Media/Files
  • access USB storage filesystem
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Storage
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Camera
  • take pictures and videos
Microphone
  • record audio
Wi-Fi connection information
  • view Wi-Fi connections
Device ID & call information
  • read phone status and identity
Other
  • Access download manager.
  • download files without notification
  • full license to interact across users
  • manage document storage
  • control media playback and metadata access
  • close other apps
  • view network connections
  • read battery statistics
  • pair with Bluetooth devices
  • access Bluetooth settings
  • send sticky broadcast
  • change system display settings
  • change network connectivity
  • connect and disconnect from Wi-Fi
  • control flashlight
  • full network access
  • close other apps
  • run at startup
  • draw over other apps
  • use accounts on the device
  • control vibration
  • prevent device from sleeping
  • modify system settings
  • add words to user-defined dictionary
  • Google Play license check
  • read Google service configuration

HOLY CRAP!  That is insane!  I’m not even going to cover this point by point, at a guess 80% of these permissions are un-necessary and 90% are massive security and privacy risks.  I don’t trust an app developer that can’t be bothered to manage permissions properly.