Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method com.dieam.reactnativepushnotification.modules.RNPushNotification.<init>() calling method java.util.Random.<init>()


    public RNPushNotification(com.facebook.react.bridge.ReactApplicationContext p5)
    {
        super(p5);
        super.mRandomNumberGenerator = new java.util.Random(System.currentTimeMillis());
        p5.addActivityEventListener(super);
        super.mRNPushNotificationHelper = new com.dieam.reactnativepushnotification.modules.RNPushNotificationHelper(((android.app.Application) p5.getApplicationContext()));
        super.registerNotificationsRegistration();
        super.registerNotificationsReceiveNotification();
        super.registerNotificationsRemoteFetch();
        return;
    }

Method com.dieam.reactnativepushnotification.modules.RNPushNotificationListenerService.sendNotification() calling method java.util.Random.<init>()


    private void sendNotification(android.os.Bundle p7)
    {
        if (p7.getString("id") == null) {
            p7.putString("id", String.valueOf(new java.util.Random(System.currentTimeMillis()).nextInt()));
        }
        Boolean v1 = Boolean.valueOf(this.isApplicationRunning());
        android.content.Intent v0_1 = new android.content.Intent(new StringBuilder().append(this.getPackageName()).append(".RNPushNotificationReceiveNotification").toString());
        p7.putBoolean("foreground", v1.booleanValue());
        p7.putBoolean("userInteraction", 0);
        v0_1.putExtra("notification", p7);
        this.sendBroadcast(v0_1);
        if (p7.getString("contentAvailable", "false").equalsIgnoreCase("true")) {
            android.util.Log.d("RNPushNotification", "Received a notification with remote fetch enabled");
            android.content.Intent v3_1 = new android.content.Intent(new StringBuilder().append(this.getPackageName()).append(".RNPushNotificationRemoteFetch").toString());
            v3_1.putExtra("notification", p7);
            this.sendBroadcast(v3_1);
        }
        if (!v1.booleanValue()) {
            new com.dieam.reactnativepushnotification.modules.RNPushNotificationHelper(this.getApplication()).sendNotification(p7);
        }
        return;
    }

Method com.crashlytics.android.answers.RandomBackoff.<init>() calling method java.util.Random.<init>()


    public RandomBackoff(io.fabric.sdk.android.services.concurrency.internal.Backoff p3, double p4)
    {
        this(p3, p4, new java.util.Random());
        return;
    }

Method com.google.firebase.iid.zzf.zzke() calling method java.util.Random.<init>()


    private void zzke(String p5)
    {
        if ("com.google.android.gsf".equals(com.google.firebase.iid.zzf.aaG)) {
            this.aaP = (this.aaP + 1);
            if (this.aaP >= 3) {
                if (this.aaP == 3) {
                    this.aaQ = (new java.util.Random().nextInt(1000) + 1000);
                }
                this.aaQ = (this.aaQ * 2);
                this.aaR = (android.os.SystemClock.elapsedRealtime() + ((long) this.aaQ));
                android.util.Log.w("InstanceID/Rpc", new StringBuilder((String.valueOf(p5).length() + 31)).append("Backoff due to ").append(p5).append(" for ").append(this.aaQ).toString());
            }
        }
        return;
    }

Method com.google.android.gms.iid.zzc.zzke() calling method java.util.Random.<init>()


    private void zzke(String p5)
    {
        if ("com.google.android.gsf".equals(com.google.android.gms.iid.zzc.aaG)) {
            this.aaP = (this.aaP + 1);
            if (this.aaP >= 3) {
                if (this.aaP == 3) {
                    this.aaQ = (new java.util.Random().nextInt(1000) + 1000);
                }
                this.aaQ = (this.aaQ * 2);
                this.aaR = (android.os.SystemClock.elapsedRealtime() + ((long) this.aaQ));
                android.util.Log.w("InstanceID/Rpc", new StringBuilder((String.valueOf(p5).length() + 31)).append("Backoff due to ").append(p5).append(" for ").append(this.aaQ).toString());
            }
        }
        return;
    }

Method com.google.android.gms.measurement.internal.zzt.zzbte() calling method java.security.SecureRandom.<init>()


    private java.security.SecureRandom zzbte()
    {
        this.zzwu();
        if (this.akg == null) {
            this.akg = new java.security.SecureRandom();
        }
        return this.akg;
    }

Method com.google.android.gms.auth.api.credentials.PasswordSpecification.<init>() calling method java.security.SecureRandom.<init>()


    PasswordSpecification(int p2, String p3, java.util.List p4, java.util.List p5, int p6, int p7)
    {
        this.mVersionCode = p2;
        this.db = p3;
        this.dc = java.util.Collections.unmodifiableList(p4);
        this.dd = java.util.Collections.unmodifiableList(p5);
        this.de = p6;
        this.df = p7;
        this.dg = this.zzaff();
        this.zzavp = new java.security.SecureRandom();
        return;
    }

Method okhttp3.ws.WebSocketCall.<init>() calling method java.security.SecureRandom.<init>()


    WebSocketCall(okhttp3.OkHttpClient p2, okhttp3.Request p3)
    {
        this(p2, p3, new java.security.SecureRandom());
        return;
    }