Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method com.google.android.gms.analytics.Tracker.<init>() calling method java.util.Random.<init>()


    Tracker(com.google.android.gms.analytics.internal.zzf p5, String p6, com.google.android.gms.analytics.internal.zzad p7)
    {
        super(p5);
        super.zzyn = new java.util.HashMap();
        super.zzII = new java.util.HashMap();
        if (p6 != null) {
            super.zzyn.put("&tid", p6);
        }
        super.zzyn.put("useSecure", "1");
        super.zzyn.put("&a", Integer.toString((new java.util.Random().nextInt(2147483647) + 1)));
        if (p7 != null) {
            super.zzIJ = p7;
        } else {
            super.zzIJ = new com.google.android.gms.analytics.internal.zzad("tracking");
        }
        super.zzIK = new com.google.android.gms.analytics.Tracker$zza(super, p5);
        return;
    }

Method com.google.android.gms.ads.internal.client.zzl.<init>() calling method java.util.Random.<init>()


    public zzl()
    {
        this.zzqt = new Object();
        this.zzsz = new java.util.Random();
        this.zzcG();
        return;
    }

Method com.google.android.gms.iid.zzc.zzdd() calling method java.util.Random.<init>()


    private void zzdd(String p7)
    {
        if ("com.google.android.gsf".equals(com.google.android.gms.iid.zzc.zzaxd)) {
            this.zzaxm = (this.zzaxm + 1);
            if (this.zzaxm >= 3) {
                if (this.zzaxm == 3) {
                    this.zzaxn = (new java.util.Random().nextInt(1000) + 1000);
                }
                this.zzaxn = (this.zzaxn * 2);
                this.zzaxo = (android.os.SystemClock.elapsedRealtime() + ((long) this.zzaxn));
                StringBuilder v1_3 = new StringBuilder();
                v1_3.append("Backoff due to ");
                v1_3.append(p7);
                v1_3.append(" for ");
                v1_3.append(this.zzaxn);
                android.util.Log.w("InstanceID/Rpc", v1_3.toString());
                return;
            } else {
                return;
            }
        } else {
            return;
        }
    }

Method com.google.android.gms.wearable.PutDataRequest.<clinit>() calling method java.security.SecureRandom.<init>()


    static PutDataRequest()
    {
        com.google.android.gms.wearable.PutDataRequest.CREATOR = new com.google.android.gms.wearable.zzf();
        com.google.android.gms.wearable.PutDataRequest.zzaSX = new java.security.SecureRandom();
        return;
    }

Method com.google.android.gms.internal.zzak.zza() calling method java.security.SecureRandom.<init>()


    String zza(byte[] p5, String p6)
    {
        if (p5.length > 239) {
            this.zzS();
            this.zza(20, 1);
            p5 = this.zzT();
        }
        String v5_1;
        if (p5.length >= 239) {
            v5_1 = java.nio.ByteBuffer.allocate(240).put(((byte) p5.length)).put(p5);
        } else {
            byte[] v0_4 = new byte[(239 - p5.length)];
            new java.security.SecureRandom().nextBytes(v0_4);
            v5_1 = java.nio.ByteBuffer.allocate(240).put(((byte) p5.length)).put(p5).put(v0_4);
        }
        String v5_3 = v5_1.array();
        byte[] v0_6 = java.security.MessageDigest.getInstance("MD5");
        v0_6.update(v5_3);
        byte[] v0_9 = new byte[256];
        new com.google.android.gms.internal.zzai().zzb(java.nio.ByteBuffer.allocate(256).put(v0_6.digest()).put(v5_3).array(), v0_9);
        if ((p6 != 0) && (p6.length() > 0)) {
            this.zza(p6, v0_9);
        }
        return this.zzmT.zza(v0_9, 1);
    }