Slowly, slowly, findee source codey
Chinese drone company DJI has removed hot-patching frameworks discovered in its apps by hackers – and is beginning to reveal GPL-licensed elements in its code.
Informed sources told The Register the latest versions of DJI’s Go app, which is the mobile app used for controlling the firm’s drones in flight, have had JSPatch and Tencent Tinker stripped out of them.
As we previously reported, these hot-patching frameworks seemed likely to break Apple and Google’s terms and conditions for their app stores. This was because those two frameworks allow new code to be pushed into the app outside of the mandatory code review process operated by both app store firms.
The company had promised to remove both frameworks by the end of August.
DJI is also revealing some GPL-licensed source code for items inside the Go app. This is a step forward; in the past, the firm had been criticised by some (for example, here) for not doing this. GPL licence terms mean users of GPL-licensed code should, in theory, make source code available for GPL-licensed software that is released to the public.
Drone hacker SasquatchLabs posted on a popular drone forum that DJI had told him: “Furthermore, our engineering team is working internally, and with vendors, to investigate other source code and will provide the status upon completion. DJI has also designated a team to oversee open source software compliance on an ongoing basis.”