Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method com.facebook.android.crypto.keychain.FixedSecureRandom.<init>() calling method java.security.SecureRandom.<init>()


    public FixedSecureRandom()
    {
        return;
    }

Method com.facebook.android.crypto.keychain.SecureRandomFix.tryInstallLinuxPRNGSecureRandom() calling method java.security.SecureRandom.<init>()


    private static void tryInstallLinuxPRNGSecureRandom()
    {
        if (android.os.Build$VERSION.SDK_INT <= 18) {
            java.security.Provider[] v0_2 = java.security.Security.getProviders("SecureRandom.SHA1PRNG");
            if ((v0_2 == null) || ((v0_2.length < 1) || (!com.facebook.android.crypto.keychain.SecureRandomFix$LinuxPRNGSecureRandomProvider.equals(v0_2[0].getClass())))) {
                java.security.Security.insertProviderAt(new com.facebook.android.crypto.keychain.SecureRandomFix$LinuxPRNGSecureRandomProvider(), 1);
            }
            java.security.SecureRandom v1_2 = new java.security.SecureRandom();
            if (com.facebook.android.crypto.keychain.SecureRandomFix$LinuxPRNGSecureRandomProvider.equals(v1_2.getProvider().getClass())) {
                try {
                    java.security.NoSuchAlgorithmException v2_7 = java.security.SecureRandom.getInstance("SHA1PRNG");
                } catch (java.security.NoSuchAlgorithmException v2_8) {
                    throw new SecurityException("SHA1PRNG not available", v2_8);
                }
                if (com.facebook.android.crypto.keychain.SecureRandomFix$LinuxPRNGSecureRandomProvider.equals(v2_7.getProvider().getClass())) {
                    return;
                } else {
                    String v4_4 = new StringBuilder();
                    v4_4.append("SecureRandom.getInstance(\"SHA1PRNG\") backed by wrong Provider: ");
                    v4_4.append(v2_7.getProvider().getClass());
                    throw new SecurityException(v4_4.toString());
                }
            } else {
                SecurityException v3_12 = new StringBuilder();
                v3_12.append("new SecureRandom() backed by wrong Provider: ");
                v3_12.append(v1_2.getProvider().getClass());
                throw new SecurityException(v3_12.toString());
            }
        } else {
            return;
        }
    }

Method com.google.android.gms.measurement.internal.zzfy.zzgz() calling method java.security.SecureRandom.<init>()


    protected final void zzgz()
    {
        this.zzaf();
        com.google.android.gms.measurement.internal.zzau v0_5 = new java.security.SecureRandom();
        long v1 = v0_5.nextLong();
        if (v1 == 0) {
            v1 = v0_5.nextLong();
            if (v1 == 0) {
                this.zzgt().zzjj().zzby("Utils falling back to Random for random id");
            }
        }
        this.zzauq.set(v1);
        return;
    }

Method com.google.android.gms.measurement.internal.zzfy.zzmk() calling method java.security.SecureRandom.<init>()


    final java.security.SecureRandom zzmk()
    {
        this.zzaf();
        if (this.zzaup == null) {
            this.zzaup = new java.security.SecureRandom();
        }
        return this.zzaup;
    }

Method com.crashlytics.android.answers.RandomBackoff.<init>() calling method java.util.Random.<init>()


    public RandomBackoff(io.fabric.sdk.android.services.concurrency.internal.Backoff p2, double p3)
    {
        this(p2, p3, new java.util.Random());
        return;
    }

Method com.google.android.gms.measurement.internal.zzfy.zzmj() calling method java.util.Random.<init>()


    public final long zzmj()
    {
        if (this.zzauq.get() != 0) {
            try {
                this.zzauq.compareAndSet(-1, 1);
                return this.zzauq.getAndIncrement();
            } catch (Throwable v1_2) {
                throw v1_2;
            }
        } else {
            try {
                Throwable v1_5 = new java.util.Random((System.nanoTime() ^ this.zzbx().currentTimeMillis())).nextLong();
                long v3_1 = (this.zzado + 1);
                this.zzado = v3_1;
                return (v1_5 + ((long) v3_1));
            } catch (Throwable v1_6) {
                throw v1_6;
            }
        }
    }