Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method com.crashlytics.android.answers.RandomBackoff.<init>() calling method java.util.Random.<init>()


    public RandomBackoff(io.fabric.sdk.android.services.concurrency.internal.Backoff p3, double p4)
    {
        this(p3, p4, new java.util.Random());
        return;
    }

Method com.google.android.gms.internal.zzcfw.zzuk() calling method java.security.SecureRandom.<init>()


    protected final void zzuk()
    {
        com.google.android.gms.internal.zzcby v2_4 = new java.security.SecureRandom();
        long v0 = v2_4.nextLong();
        if (v0 == 0) {
            v0 = v2_4.nextLong();
            if (v0 == 0) {
                this.zzaul().zzayf().log("Utils falling back to Random for random id");
            }
        }
        this.zzixg.set(v0);
        return;
    }

Method com.google.android.gms.analytics.Tracker.<init>() calling method java.util.Random.<init>()


    Tracker(com.google.android.gms.internal.zzamu p5, String p6, com.google.android.gms.internal.zzaol p7)
    {
        super(p5);
        super.zzbqm = new java.util.HashMap();
        super.zzdlj = new java.util.HashMap();
        if (p6 != null) {
            super.zzbqm.put("&tid", p6);
        }
        super.zzbqm.put("useSecure", "1");
        super.zzbqm.put("&a", Integer.toString((new java.util.Random().nextInt(2147483647) + 1)));
        super.zzdlk = new com.google.android.gms.internal.zzaol("tracking", super.zzvx());
        super.zzdll = new com.google.android.gms.analytics.Tracker$zza(super, p5);
        return;
    }

Method com.google.android.gms.internal.zzbt.zza() calling method java.security.SecureRandom.<init>()


    private static byte[] zza(byte[] p6, String p7, boolean p8)
    {
        byte[] v0_5;
        if (!p8) {
            v0_5 = 255;
        } else {
            v0_5 = 239;
        }
        if (p6.length > v0_5) {
            p6 = com.google.android.gms.internal.zzeyn.zzc(com.google.android.gms.internal.zzbt.zzb(4096));
        }
        byte[] v0_4;
        if (p6.length >= v0_5) {
            v0_4 = java.nio.ByteBuffer.allocate((v0_5 + 1)).put(((byte) p6.length)).put(p6).array();
        } else {
            byte[] v1_5 = new byte[(v0_5 - p6.length)];
            new java.security.SecureRandom().nextBytes(v1_5);
            v0_4 = java.nio.ByteBuffer.allocate((v0_5 + 1)).put(((byte) p6.length)).put(p6).put(v1_5).array();
        }
        if (p8) {
            v0_4 = java.nio.ByteBuffer.allocate(256).put(com.google.android.gms.internal.zzbt.zzb(v0_4)).put(v0_4).array();
        }
        byte[] v1_9 = new byte[256];
        new com.google.android.gms.internal.zzbx().zza(v0_4, v1_9);
        if ((p7 != null) && (p7.length() > 0)) {
            if (p7.length() > 32) {
                p7 = p7.substring(0, 32);
            }
            new com.google.android.gms.internal.zzetb(p7.getBytes("UTF-8")).zzay(v1_9);
        }
        return v1_9;
    }

Method com.google.android.gms.internal.zzcfw.zzazy() calling method java.security.SecureRandom.<init>()


    final java.security.SecureRandom zzazy()
    {
        this.zzuj();
        if (this.zzixf == null) {
            this.zzixf = new java.security.SecureRandom();
        }
        return this.zzixf;
    }

Method com.google.android.gms.internal.zzdjo.<clinit>() calling method java.security.SecureRandom.<init>()


    static zzdjo()
    {
        com.google.android.gms.internal.zzdjo.zzlhu = new java.security.SecureRandom();
        return;
    }

Method com.google.android.gms.internal.zzcfw.zzazx() calling method java.util.Random.<init>()


    public final long zzazx()
    {
        try {
            Throwable v0_2;
            if (this.zzixg.get() != 0) {
                try {
                    this.zzixg.compareAndSet(-1, 1);
                    v0_2 = this.zzixg.getAndIncrement();
                } catch (Throwable v0_3) {
                    throw v0_3;
                }
            } else {
                Throwable v0_7 = new java.util.Random((System.nanoTime() ^ this.zzvx().currentTimeMillis())).nextLong();
                int v3_1 = (this.zzixh + 1);
                this.zzixh = v3_1;
                v0_2 = (v0_7 + ((long) v3_1));
            }
        } catch (Throwable v0_8) {
            throw v0_8;
        }
        return v0_2;
    }

Method com.google.android.gms.internal.zzcm.zzaa() calling method java.util.Random.<init>()


    private static java.util.Random zzaa()
    {
        if (com.google.android.gms.internal.zzcm.zzagk == null) {
            if (com.google.android.gms.internal.zzcm.zzagk == null) {
                com.google.android.gms.internal.zzcm.zzagk = new java.util.Random();
            }
        }
        return com.google.android.gms.internal.zzcm.zzagk;
    }

Method com.google.android.gms.internal.zzji.<init>() calling method java.util.Random.<init>()


    public zzji()
    {
        this.mLock = new Object();
        this.zzbds = new java.util.Random();
        this.zzhw();
        return;
    }

Method com.google.android.gms.internal.zztm.onAdClosed() calling method java.util.Random.<init>()


    public final void onAdClosed()
    {
        if (com.google.android.gms.internal.zztv.zzlc()) {
            int v1_0 = ((Integer) com.google.android.gms.ads.internal.zzbv.zzen().zzd(com.google.android.gms.internal.zzmn.zzbkf)).intValue();
            long v0_4 = ((Integer) com.google.android.gms.ads.internal.zzbv.zzen().zzd(com.google.android.gms.internal.zzmn.zzbkg)).intValue();
            if ((v1_0 > 0) && (v0_4 >= 0)) {
                com.google.android.gms.internal.zzahg.zzdca.postDelayed(com.google.android.gms.internal.zztn.zzbxi, ((long) (new java.util.Random().nextInt((v0_4 + 1)) + v1_0)));
            } else {
                com.google.android.gms.ads.internal.zzbv.zzep().zzkl();
            }
        }
        this.zzbxh.onAdClosed();
        return;
    }

Method com.google.android.gms.tagmanager.zzai.<init>() calling method java.util.Random.<init>()


    public zzai(android.content.Context p2, String p3)
    {
        this(p2, p3, new java.util.Random());
        return;
    }

Method com.google.firebase.iid.zzl.zzi() calling method java.util.Random.<init>()


    final void zzi(android.content.Intent p13)
    {
        String v1_0 = 0;
        if (p13 != null) {
            if ("com.google.android.c2dm.intent.REGISTRATION".equals(p13.getAction())) {
                String v0_16 = p13.getStringExtra("registration_id");
                if (v0_16 == null) {
                    v0_16 = p13.getStringExtra("unregistered");
                }
                if (v0_16 != null) {
                    this.zzhuf = android.os.SystemClock.elapsedRealtime();
                    this.zzhuj = 0;
                    this.zzhuh = 0;
                    this.zzhui = 0;
                    if (v0_16.startsWith("|")) {
                        String v3_15 = v0_16.split("\\|");
                        if (!"ID".equals(v3_15[1])) {
                            String v0_57;
                            String v0_55 = String.valueOf(v0_16);
                            if (v0_55.length() == 0) {
                                v0_57 = new String("Unexpected structured response ");
                            } else {
                                v0_57 = "Unexpected structured response ".concat(v0_55);
                            }
                            android.util.Log.w("InstanceID/Rpc", v0_57);
                        }
                        StringBuilder v2_27 = v3_15[2];
                        if (v3_15.length > 4) {
                            if (!"SYNC".equals(v3_15[3])) {
                                if ("RST".equals(v3_15[3])) {
                                    String v0_63 = this.zzahz;
                                    com.google.firebase.iid.zzj.zza(this.zzahz, 0);
                                    com.google.firebase.iid.FirebaseInstanceId.zza(v0_63, com.google.firebase.iid.zzj.zzcga());
                                    p13.removeExtra("registration_id");
                                    this.zzb(v2_27, p13);
                                    return;
                                }
                            } else {
                                com.google.firebase.iid.FirebaseInstanceId.zzek(this.zzahz);
                            }
                        }
                        String v0_69 = v3_15[(v3_15.length - 1)];
                        if (v0_69.startsWith(":")) {
                            v0_69 = v0_69.substring(1);
                        }
                        p13.putExtra("registration_id", v0_69);
                        v1_0 = v2_27;
                    }
                    if (v1_0 != null) {
                        this.zzb(v1_0, p13);
                    } else {
                        if (android.util.Log.isLoggable("InstanceID/Rpc", 3)) {
                            android.util.Log.d("InstanceID/Rpc", "Ignoring response without a request ID");
                        }
                    }
                } else {
                    StringBuilder v2_0 = p13.getStringExtra("error");
                    if (v2_0 != null) {
                        if (android.util.Log.isLoggable("InstanceID/Rpc", 3)) {
                            String v0_5;
                            String v0_3 = String.valueOf(v2_0);
                            if (v0_3.length() == 0) {
                                v0_5 = new String("Received InstanceID error ");
                            } else {
                                v0_5 = "Received InstanceID error ".concat(v0_3);
                            }
                            android.util.Log.d("InstanceID/Rpc", v0_5);
                        }
                        String v0_9;
                        if (!v2_0.startsWith("|")) {
                            v0_9 = 0;
                        } else {
                            String v3_1 = v2_0.split("\\|");
                            if (!"ID".equals(v3_1[1])) {
                                String v0_15;
                                String v0_13 = String.valueOf(v2_0);
                                if (v0_13.length() == 0) {
                                    v0_15 = new String("Unexpected structured response ");
                                } else {
                                    v0_15 = "Unexpected structured response ".concat(v0_13);
                                }
                                android.util.Log.w("InstanceID/Rpc", v0_15);
                            }
                            if (v3_1.length <= 2) {
                                v2_0 = "UNKNOWN";
                                v0_9 = 0;
                            } else {
                                v0_9 = v3_1[2];
                                String v1_1 = v3_1[3];
                                if (!v1_1.startsWith(":")) {
                                    v2_0 = v1_1;
                                } else {
                                    v2_0 = v1_1.substring(1);
                                }
                            }
                            p13.putExtra("error", v2_0);
                        }
                        this.zzbk(v0_9, v2_0);
                        String v0_20 = p13.getLongExtra("Retry-After", 0);
                        if (v0_20 <= 0) {
                            if ((("SERVICE_NOT_AVAILABLE".equals(v2_0)) || ("AUTHENTICATION_FAILED".equals(v2_0))) && ("com.google.android.gsf".equals(com.google.firebase.iid.zzl.zzhtw))) {
                                this.zzhuh = (this.zzhuh + 1);
                                if (this.zzhuh >= 3) {
                                    if (this.zzhuh == 3) {
                                        this.zzhui = (new java.util.Random().nextInt(1000) + 1000);
                                    }
                                    this.zzhui = (this.zzhui << 1);
                                    this.zzhuj = (android.os.SystemClock.elapsedRealtime() + ((long) this.zzhui));
                                    android.util.Log.w("InstanceID/Rpc", new StringBuilder((String.valueOf(v2_0).length() + 31)).append("Backoff due to ").append(v2_0).append(" for ").append(this.zzhui).toString());
                                }
                            }
                        } else {
                            this.zzhug = android.os.SystemClock.elapsedRealtime();
                            this.zzhui = (((int) v0_20) * 1000);
                            this.zzhuj = (android.os.SystemClock.elapsedRealtime() + ((long) this.zzhui));
                            android.util.Log.w("InstanceID/Rpc", new StringBuilder(52).append("Explicit request from server to backoff: ").append(this.zzhui).toString());
                        }
                    } else {
                        String v1_13 = String.valueOf(p13.getExtras());
                        android.util.Log.w("InstanceID/Rpc", new StringBuilder((String.valueOf(v1_13).length() + 49)).append("Unexpected response, no error or registration id ").append(v1_13).toString());
                    }
                }
            } else {
                if (android.util.Log.isLoggable("InstanceID/Rpc", 3)) {
                    String v0_51;
                    String v0_49 = String.valueOf(p13.getAction());
                    if (v0_49.length() == 0) {
                        v0_51 = new String("Unexpected response ");
                    } else {
                        v0_51 = "Unexpected response ".concat(v0_49);
                    }
                    android.util.Log.d("InstanceID/Rpc", v0_51);
                }
            }
        } else {
            if (android.util.Log.isLoggable("InstanceID/Rpc", 3)) {
                android.util.Log.d("InstanceID/Rpc", "Unexpected response: null");
            }
        }
        return;
    }