However, website visitors may be being misled about exactly where they are downloading their applications from.
However, this does not go to the Google Play store; instead, clicking will download an .APK file directly from DJI servers to a device.
There is also a “Download on the App Store” button which does direct users to the official Apple App Store.
DJI offers the official app through both stores, alongside scannable QR codes — the Android version of which also pulls the .APK directly from DJI and not Google Play, according to the researcher.
Interestingly, it also seems that the app version on the server does differ slightly. According to the anonymous contributor, “configuration files are present in the DJI version that aren’t in Google Play’s version,” and there are some image files and source code differences between the two.
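One way to reproduce the kind of comparison described above, as an added example that is not from the article or the researcher: it hashes every entry of two APKs (which are ZIP archives) and reports files present in only one build or differing between them. The sample archives and their file names are constructed for illustration.

```python
import hashlib
import io
import zipfile


def apk_manifest(apk_bytes):
    """Map each archive entry name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def diff_apks(site_apk, store_apk):
    """Return entries only in the site build, only in the store build, and changed."""
    site, store = apk_manifest(site_apk), apk_manifest(store_apk)
    return {
        "only_in_site": sorted(site.keys() - store.keys()),
        "only_in_store": sorted(store.keys() - site.keys()),
        "changed": sorted(n for n in site.keys() & store.keys() if site[n] != store[n]),
    }


def build_sample(entries):
    """Build a constructed in-memory archive standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data; file names are hypothetical, not taken from either real build.
STORE_BUILD = build_sample({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex-store",
    "res/drawable/logo.png": b"png-a",
})
SITE_BUILD = build_sample({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex-site",
    "res/drawable/logo.png": b"png-b",
    "assets/extra_config.json": b"{}",
})

if __name__ == "__main__":
    for kind, names in diff_apks(SITE_BUILD, STORE_BUILD).items():
        print(kind, names)
```

On real APKs, entries under `META-INF/` hold the v1 signature files, so differences there reflect how each build was signed rather than a change in app content.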
It is important to note there is no evidence to suggest that DJI servers are in any way insecure or have been compromised.
However, this is not the point.
When you download an application from the App Store or Google Play, you are aware that the app has undergone a number of security checks and processes to make sure the software you are about to download and execute is not malicious.
While some apps do inevitably slip the net, in general, apps downloaded from these official sources are far safer than those downloaded from third-party servers.
The Internet is rife with fake and malicious versions of legitimate apps which are stored on third-party servers for download. If a user downloads and installs these apps, this can lead to surveillance, account hijacking, and mobile devices becoming infected with anything from Trojans to ransomware.
In addition, there have been cases of legitimate servers which offer apps outside of these stores being compromised by attackers and loaded with malware.
By using a button proclaiming that the app’s source is from Google Play, users are being told that the app comes from this particular, trusted source. It is misleading and, even should it simply prove an oversight, should not have been allowed to occur.
If a user is happy to shoulder the risk of downloading a mobile application outside of the App Store or Google Play, that’s fine — but either way, the source of the download should be made clear to the user in the first place.
Google was reportedly informed of the issue but concluded that the problem was outside of the firm’s scope.
ZDNet has reached out to DJI and will update if we hear back.