DealNest DJI’s 2017 introduction of Local Data Mode marked a turning point in how consumer drones handled data — and in how government clients approached the security implications of drones designed for the civilian market.
In August 2017, the Chinese drone manufacturer DJI announced a new feature for its consumer and professional drone line: Local Data Mode, a software option that prevents the drone’s companion flight-control app from exchanging any data with the internet during a flight. The feature was introduced against a specific political backdrop — a US Army memo issued the same month directing personnel to halt use of all DJI products due to unspecified “cyber vulnerabilities” — and it opened a conversation about consumer drone data security that has continued to develop across the years since. This piece looks at what Local Data Mode does, why it matters for drone operators, and how the issue it addresses has evolved.
What Local Data Mode actually is
DJI’s flight-control software — the DJI Go app in 2017, and its successors DJI Fly and DJI Go 4 in later years — is the mobile application that pilots use to control a DJI drone. The app connects to the physical controller, displays the drone’s camera feed, manages flight settings, and provides access to intelligent flight modes. In its normal operation, the app also exchanges various data with DJI’s servers: it checks for software updates, syncs map information, validates the drone’s geofencing status against no-fly zones, and (if the user opts in) backs up flight logs and captured media to cloud storage.
Local Data Mode breaks those connections. When enabled, the flight-control app operates entirely offline. It does not call DJI’s servers; it does not sync maps; it does not back up anything to the cloud; it does not validate geofencing in real time (the drone still uses its last locally-cached geofencing data). Airworthiness and flight performance are unaffected — the drone flies the same way with or without Local Data Mode active — but any possibility of flight data being transmitted from the device during the operation is removed.
The feature was engineered for enterprise and government customers operating in contexts where even the theoretical possibility of data transmission to a third-party server was problematic: police departments, search-and-rescue operations, infrastructure inspection crews working on sensitive sites, and military users in non-combat applications. For consumer users flying drones at the park on a Saturday afternoon, Local Data Mode is available but generally unnecessary — most people are not flying missions where cloud sync is a security concern.
The US Army memo and the politics around DJI
The US Army memo that accelerated Local Data Mode’s release was dated August 2, 2017, and directed Army personnel to stop using DJI products due to “increased awareness of cyber vulnerabilities associated with DJI products.” The memo did not specify what those vulnerabilities were, and DJI said the Army had not raised concerns with the company ahead of the memo’s publication.
DJI’s own statements at the time were careful. Brendan Schulman, then the company’s Vice President of Policy and Legal Affairs, said the Local Data Mode announcement was not a response to the Army memo but an acceleration of a feature that had been in development for several months. Other DJI representatives — speaking to TechCrunch and The New York Times among others — reinforced that the feature addressed enterprise customer requests that had been building for a while, and that the Army memo had intensified existing concerns among DJI’s government-adjacent customer base.
Whatever the internal timeline, the 2017 memo was the first major public signal that US government buyers — and by extension, many other large institutional buyers globally — were becoming cautious about Chinese-made drones for reasons that extended beyond the hardware itself. The question was not whether a DJI drone could fly well (it could), but whether its software stack, cloud services, and data flows were acceptable for sensitive operations.
Why this matters for drone operators
For consumer pilots, the data security question is largely academic. A hobbyist flying a drone at a beach is not generating data that anyone cares to intercept, and the default settings in DJI’s apps are reasonable for casual use. Cloud backup is convenient; software updates keep the drone working well; geofencing helps pilots avoid accidentally entering restricted airspace. For this audience, the default configuration is fine.
For professional and enterprise operators, the stakes are different. A commercial pilot inspecting a gas pipeline, a utility company’s infrastructure surveyor, a police department’s tactical unit, or a real estate agent capturing footage of a client’s unreleased property — any of these has reasons to want full control over where the drone’s flight data goes. Local Data Mode makes that control straightforward: enable the setting, fly the mission, know that nothing has been transmitted.
The feature also affects how drones can be sold to government and institutional buyers. A department with a procurement policy that prohibits the purchase of equipment that sends data to servers outside its jurisdiction may be unable to authorise drones without Local Data Mode (or an equivalent). The feature’s existence opened sales channels that had been closed to DJI before 2017.
The broader drone-security landscape
DJI’s Local Data Mode was the first major public gesture in what has since become a substantial ongoing conversation about consumer-drone data security. In the years after 2017, several developments have continued the thread:
- The US Department of the Interior grounded its DJI-made fleet in 2020 pending a review of Chinese-manufactured drones.
- The US Department of Defense has maintained and expanded restrictions on the use of Chinese-origin drone components across military programs.
- DJI has continued to develop enterprise-focused software (including the separate DJI Flight Hub and FlightHub 2 platforms) aimed at large commercial operators with auditable data workflows.
- Competing drone manufacturers — particularly French company Parrot and US companies Skydio and BRINC — have marketed their products explicitly to US government and enterprise buyers who want alternatives to DJI for data-security reasons.
- Legislative proposals in the US have at various points sought to ban DJI products from federal procurement, with varying degrees of success.
The picture that has emerged is of a consumer drone market that is technically dominated by DJI — its products remain among the best-engineered and most capable available — but that is increasingly bifurcated by buyer type. For consumers and most commercial users, DJI drones remain the default choice. For US government and sensitive-enterprise buyers, non-Chinese alternatives have become the expected purchase, regardless of comparative product capability.
What Local Data Mode does not do
It is worth being specific about the feature’s limits. Local Data Mode prevents the DJI app from exchanging data with DJI’s servers during a flight. It does not:
- Prevent the drone itself from any communication with the controller, which is an essential part of the flight.
- Change the physical design of the drone’s radio protocols.
- Audit the drone’s firmware for hypothetical vulnerabilities that might exist outside the app-to-server path.
- Address any concerns about the drone’s origin of manufacture or the broader supply chain.
In other words, Local Data Mode addresses a specific data-transmission concern but leaves a number of other concerns — supply-chain origin, firmware auditability, hardware component sourcing — untouched. For buyers whose concerns are primarily about data flows during flight operations, the feature is a meaningful response. For buyers whose concerns are primarily about the country of manufacture or the geopolitical status of the manufacturer, Local Data Mode does not change the fundamental calculation.
The feature’s position today
Local Data Mode remains a standard feature of DJI’s enterprise software. It is available in the current DJI Pilot and DJI Pilot 2 applications (the enterprise-focused flight-control apps that replaced DJI Go for professional users), and it continues to be used by commercial pilots and institutional buyers for whom data control is important. The 2017 memo that accelerated its launch has been followed by many subsequent policy decisions and procurement considerations, but the feature itself has continued to do the work it was designed for.
For drone buyers considering which model to purchase today, the relevance of Local Data Mode depends entirely on the intended use. Consumer pilots can ignore it; enterprise pilots working in sensitive contexts should verify that their drone and app combination supports it; and government buyers will generally have procurement rules that make the feature either required or insufficient (depending on whether the concern is data flows specifically or DJI as a vendor more broadly).
Closing
DJI’s Local Data Mode is a useful case study in how consumer technology becomes an enterprise security question. A drone sold primarily to hobbyists turned out to be useful for police, utilities, governments and militaries; once those institutional users adopted the hardware, the software’s cloud-sync behaviour became a procurement question; and DJI’s response — an offline mode that preserved airworthiness while removing data transmission — set a template that the industry has continued to work from. Seven years after the 2017 announcement, the broader conversation about drone origin and data security continues, but Local Data Mode remains what it was designed to be: a tool for pilots who need to fly without talking to anyone outside their immediate operation.
