Independent Security Audit Confirms Privacy and Security Benefits of Parrot FreeFlight 6 App – Drones Information
Parrot’s mobile app, specially designed for the ANAFI drone platform, upholds the company’s legacy and promise of exceptional data protection
PARIS: Parrot, the leading European drone group, is pleased to announce the results of an independent privacy and security audit of its FreeFlight 6 mobile application for the ANAFI series of drones. The comprehensive review was conducted by Bishop Fox, one of the most recognized private offensive security companies, to investigate and objectively assess potential security vulnerabilities and privacy issues in the FreeFlight 6 app.
Bishop Fox’s in-depth assessment of the FreeFlight 6 mobile application for iOS and Android, as well as the FreeFlight 6 API web services, showed that the app delivers on Parrot’s promise of exceptional data security, protection and transparency. The app does not release any user data unless the user explicitly decides to share the information. The Bishop Fox team performed automated vulnerability scanning, source code review, and manual penetration testing to assess FreeFlight 6’s privacy protection and its exposure to real-world exploits and attacks.
“The Bishop Fox team did not discover any functionality in the source code to transfer flight data to Parrot-controlled storage outside of user-approved drone flight logs. In addition, the team did not observe any transmission of media captured by drones or applications (photos, videos, audio clips) other than user-initiated sharing to social media.”
Bishop Fox’s security and privacy audit for the Parrot FreeFlight 6 app confirmed the following key findings:
· The FreeFlight 6 mobile application available on the Apple App Store and Google Play matched the source code provided. The source code for the FreeFlight 6 app had no obfuscation techniques, and Bishop Fox did not identify any code or functionality that departed from the stated design and purpose of the application.
· The Bishop Fox evaluation team did not find any mechanisms to update or extend the FreeFlight 6 application outside of the updates released by the platform. Drone firmware updates are displayed to the user and are not initiated without their permission.
· When reviewing the permissions granted by FreeFlight 6 based on the behaviors and actions shown by the app, the Bishop Fox team did not identify any suspicious activity that would indicate undisclosed data collection or sharing beyond the permissions expressly granted by the user.
· The Bishop Fox evaluation team was unable to gain unauthenticated access to stored user data. The team also checked whether user data stored in cloud storage was deleted on user request.
· When reviewing the interactions between drones, mobile applications and back-end API web services in source code, Bishop Fox did not detect any transmission of flight data to Parrot-controlled storage outside of user-approved drone flight logs. The team did not observe any transmission of photos, videos, or audio clips captured by drones or apps unless specifically directed by the user.
Victor Vuillard, Parrot’s Chief Security Officer and Chief Technology Officer for cybersecurity, welcomes these results: “The Parrot teams are determined to deliver products that meet the highest security and privacy requirements. Bishop Fox’s assessment shows the high level of security and privacy that Parrot has achieved for the benefit of all of its users. We pride ourselves on offering the safest UAVs.”
Bishop Fox’s comprehensive assessment identified two medium-risk vulnerabilities and three low-risk vulnerabilities in the FreeFlight 6 mobile app. The Bishop Fox team found that none of the vulnerabilities would compromise user privacy or security.
The upcoming Parrot software update will address two minor issues related to configuration encryption. After an internal review and based on user feedback, Parrot accepts the risk associated with the remaining medium- and low-risk vulnerabilities related to authorization token expiration, root and jailbreak detection, and certificate pinning, as the user experience and transparency benefits outweigh the low risks.
A detailed summary by Bishop Fox of the independent review of Parrot FreeFlight 6 can be found at https://www.parrot.com/us/privacy-security.