I'm sure there are ways, but I guess a lot of nefarious things one could do with a drone product get a lot harder if you don't also make the finished system assembled from those parts and the software controlling the whole thing.
> What secret and hidden, nefarious things could those reasonably be?
Collecting photo and video footage combined with GPS data without the explicit consent of the owner would be the biggest one, IMO. That would be a great way to build maps of areas that aren't visible from satellites, or to get more detailed imagery than a satellite, or to build full 3D maps of areas using photogrammetry or similar.
Just the GPS data could also be very useful, as it would be a map of the space that drones are likely to be able to fly through. If someone has a 3D map of areas where consumers successfully flew drones, seems like that would make it much easier to send semi- or fully-autonomous drones through there too, if the area were of interest. The US Navy has a problem with mystery drones surveilling their ships, so it seems reasonable to assume that folks are doing the same with sensitive facilities on land. Maybe it would even be useful for plotting flight routes for cruise missiles, so they can stay as close to the ground as possible?
Capturing wifi access point information, like some mapping companies have done, could be beneficial to an organization that doesn't have traditional mapping vehicles. Same for any other radio signals that the device can pick up.
All of that is more or less passive, with the exception of sending the data somewhere. There are a lot more options if the manufacturer is willing to be more aggressive and risk someone noticing that their products are behaving oddly.
Yeah, imagine war starts in Taiwan. The Chinese government “asks” DJI for a set of all photos taken anywhere near US military facilities, including just of public highways leading in or out. That gives the Chinese government intelligence they wouldn’t otherwise have.
And it could also ask for photos near locations where Chinese dissidents or their family members live.
Use your imagination, what happens if DJI decides to add a little logic test to their firmware:
1) drone is flying in Ukraine?
2) motor amperage is higher than normal (probably carrying a grenade)?
If 1 and 2, return to takeoff point and drop the grenade
Maybe mix in a rand() so Ukraine doesn't catch on too quick. Could easily carve out the serial numbers of ones you've sold to friendly countries to not trigger the logic as well.
What concerns most people is firmware and software, the inevitable phone apps etc.
Not that I could trust an US or EU product to be less invasive of users privacy; if we don't want products that phone home we must make them by ourselves.
Not an easy task, however, especially wrt undocumented chipsets running tight closed firmware.
All the parts are going to come from there anyway...