If your app uses Android's Java Cryptography Architecture (JCA) or the OpenSSL PRNG for key generation, signing, or random number generation, make sure that you are explicitly initializing the PRNG with entropy from /dev/urandom or /dev/random. 

Also consider regenerating cryptographic keys or other random values that you previously generated using JCA APIs such as SecureRandom, KeyGenerator, KeyPairGenerator, KeyAgreement, and Signature.

Read the linked post for details and a suggested implementation.

Link: http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html

#AndroidDev
Shared publiclyView activity