Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method ru.yandex.searchlib.network.a.<init>() calling method java.util.Random.<init>()


    public a(long p4, long p6)
    {
        this.a = new java.util.Random();
        this.d = 0;
        this.b = p4;
        this.c = p6;
        return;
    }

Method ru.yandex.disk.util.bq.<clinit>() calling method java.util.Random.<init>()


    static bq()
    {
        ru.yandex.disk.util.bq.a = new java.util.Random();
        return;
    }

Method ru.yandex.disk.service.ae.<clinit>() calling method java.util.Random.<init>()


    static ae()
    {
        ru.yandex.disk.service.ae.a = new java.util.Random();
        return;
    }

Method org.onepf.openpush.gcm.GcmIntentService.<clinit>() calling method java.util.Random.<init>()


    static GcmIntentService()
    {
        org.onepf.openpush.gcm.GcmIntentService.TAG = org.onepf.openpush.gcm.GcmIntentService.getSimpleName();
        org.onepf.openpush.gcm.GcmIntentService.sRandom = new java.util.Random();
        org.onepf.openpush.gcm.GcmIntentService.MAX_BACKOFF_MS = ((int) java.util.concurrent.TimeUnit.SECONDS.toMillis(3600));
        org.onepf.openpush.gcm.GcmIntentService.TOKEN = Long.toBinaryString(org.onepf.openpush.gcm.GcmIntentService.sRandom.nextLong());
        return;
    }

Method okhttp3.OkHttpClient.newWebSocket() calling method java.util.Random.<init>()


    public okhttp3.WebSocket newWebSocket(okhttp3.Request p3, okhttp3.WebSocketListener p4)
    {
        okhttp3.internal.ws.RealWebSocket v0_1 = new okhttp3.internal.ws.RealWebSocket(p3, p4, new java.util.Random());
        v0_1.connect(this);
        return v0_1;
    }

Method com.yandex.metrica.impl.ob.fb.<init>() calling method java.util.Random.<init>()


    public fb(int p2)
    {
        if ((p2 <= 0) || (p2 > 31)) {
            this.a = 31;
        } else {
            this.a = p2;
        }
        this.c = new java.util.Random();
        return;
    }

Method com.yandex.courier.client.CMBaseIntentService.<clinit>() calling method java.util.Random.<init>()


    static CMBaseIntentService()
    {
        com.yandex.courier.client.CMBaseIntentService.LOCK = com.yandex.courier.client.CMBaseIntentService;
        com.yandex.courier.client.CMBaseIntentService.sCounter = 0;
        com.yandex.courier.client.CMBaseIntentService.sRandom = new java.util.Random();
        com.yandex.courier.client.CMBaseIntentService.MAX_BACKOFF_MS = ((int) java.util.concurrent.TimeUnit.SECONDS.toMillis(3600));
        com.yandex.courier.client.CMBaseIntentService.TOKEN = Long.toBinaryString(com.yandex.courier.client.CMBaseIntentService.sRandom.nextLong());
        return;
    }

Method com.yandex.auth.ob.ar.<clinit>() calling method java.util.Random.<init>()


    static ar()
    {
        com.yandex.auth.k.a(com.yandex.auth.ob.ar);
        com.yandex.auth.ob.ar.b = new java.util.Random();
        return;
    }

Method ru.yandex.disk.al.j() calling method java.util.Random.<init>()


    java.util.Random j()
    {
        return new java.util.Random();
    }

Method com.google.common.cache.Striped64.<clinit>() calling method java.util.Random.<init>()


    static Striped64()
    {
        com.google.common.cache.Striped64.a = new ThreadLocal();
        com.google.common.cache.Striped64.b = new java.util.Random();
        com.google.common.cache.Striped64.c = Runtime.getRuntime().availableProcessors();
        try {
            com.google.common.cache.Striped64.g = com.google.common.cache.Striped64.a();
            com.google.common.cache.Striped64.h = com.google.common.cache.Striped64.g.objectFieldOffset(com.google.common.cache.Striped64.getDeclaredField("base"));
            com.google.common.cache.Striped64.i = com.google.common.cache.Striped64.g.objectFieldOffset(com.google.common.cache.Striped64.getDeclaredField("busy"));
            return;
        } catch (Exception v0_7) {
            throw new Error(v0_7);
        }
    }

Method com.google.android.gms.iid.zzc.zzke() calling method java.util.Random.<init>()


    private void zzke(String p5)
    {
        if ("com.google.android.gsf".equals(com.google.android.gms.iid.zzc.aaG)) {
            this.aaP = (this.aaP + 1);
            if (this.aaP >= 3) {
                if (this.aaP == 3) {
                    this.aaQ = (new java.util.Random().nextInt(1000) + 1000);
                }
                this.aaQ = (this.aaQ * 2);
                this.aaR = (android.os.SystemClock.elapsedRealtime() + ((long) this.aaQ));
                android.util.Log.w("InstanceID/Rpc", new StringBuilder((String.valueOf(p5).length() + 31)).append("Backoff due to ").append(p5).append(" for ").append(this.aaQ).toString());
            }
        }
        return;
    }

Method com.yandex.metrica.impl.utils.b.a() calling method java.security.SecureRandom.<init>()


    public byte[] a(byte[] p7)
    {
        try {
            int v0_1 = new java.security.SecureRandom();
            byte[] v1_1 = new byte[16];
            byte[] v2_1 = new byte[16];
            v0_1.nextBytes(v2_1);
            v0_1.nextBytes(v1_1);
            int v0_4 = this.a(p7, v2_1, v1_1, java.security.KeyFactory.getInstance("RSA").generatePublic(new java.security.spec.X509EncodedKeySpec(android.util.Base64.decode("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhmH/m2qrRjxDHP794CeaZpENQNYydf8pqyXJilo6XxK+n+pvo27VxWfB3Z1yHrtKow+eZXKLQzrQ8wZMfRgADrYCQJ20y2hGZEUCN1tGSM+xqVKMeCtVi3NvQa54Cx7mT5ECVsH5DKEs/aeScDHP56FzcgEbtOSwyRZ8dsEM0wwIDAQAB", 0))));
        } catch (int v0) {
            v0_4 = 0;
        } catch (int v0) {
        }
        return v0_4;
    }

Method com.localytics.android.AnalyticsHandler._updateHeaderForTestModeAttribution() calling method java.security.SecureRandom.<init>()


    void _updateHeaderForTestModeAttribution(String p9, org.json.JSONObject p10, com.localytics.android.DatapointHelper$AdvertisingInfo p11, boolean p12)
    {
        if (!this.mSentReferrerTestMode) {
            if (!android.text.TextUtils.isEmpty(p9)) {
                String[] v4 = java.net.URLDecoder.decode(p9).split("[&]");
                int v5 = v4.length;
                int v3_0 = 0;
                while (v3_0 < v5) {
                    String v0_14 = v4[v3_0].split("[=]");
                    if (v0_14.length > 1) {
                        String v0_18;
                        String v6_3 = v0_14[0].toLowerCase();
                        String v0_16 = v0_14[1].toLowerCase();
                        if ((!v6_3.equals("localytics_test_mode")) || ((!v0_16.equals("1")) && (!v0_16.equals("true")))) {
                            v0_18 = 0;
                        } else {
                            v0_18 = 1;
                        }
                        this.mReferrerTestModeEnabled = v0_18;
                    }
                    v3_0++;
                }
            }
            if (((p12) || (this.mFirstSessionEver)) && (this.mReferrerTestModeEnabled)) {
                try {
                    com.localytics.android.Localytics$Log.i("[REFERRAL] using fake id for attribution test mode");
                    String v0_7 = Long.toHexString(new java.security.SecureRandom().nextLong());
                    p10.put("aid", v0_7);
                    p10.put("du", com.localytics.android.DatapointHelper.getSha256_buggy(v0_7));
                    p10.put("caid", v0_7);
                } catch (String v0_11) {
                    com.localytics.android.Localytics$Log.e("Exception adding values to object", v0_11);
                }
                if (p11 != null) {
                    String v0_9 = java.util.UUID.randomUUID().toString();
                    p10.put("gadid", v0_9);
                    p10.put("gcadid", v0_9);
                }
                this.mSentReferrerTestMode = 1;
            }
        }
        return;
    }