Fixed
Status Update
No update yet.
Comments
jb...@google.com
ap...@google.com
This is a hard one. We can't easily read native crashes from that Motorola device since their system image is not public. I assume you can't reproduce this either, but if possible can you try using WorkManager 2.0.0 or 1.0.1-rc01? This would help track down the possible changes that might have introduced this issue. Thanks!
il...@google.com
We actually did reproduce it, the current store version of Pocket Casts has WorkManager 2.0.0 and this bug if you want to try and test something. I will try 1.0.1-rc01 and report back.
we...@salesforce.com
Is there a difference between 1.0.1 and 2.0.1? We tried 2.0.1 and it was crashing, if there is a difference I can try 1.0.1 but I thought they were the same?
Description
Hello, in a security audit we found an instance of insecure Random Number Generator.
File androidx/activity/result/ActivityResultRegistry.java near line 25:
This is the report we got:
Category Cryptography and Insecure Storage
Testing Method Black Box
Tools Used Apktool, dex2jar, jd-gui
Component used: Activity
Version used: 1.8
Devices/Android versions reproduced on: Android api 31.
If this is a bug in the library, we would appreciate if you could attach:
- Sample project to trigger the issue.
- A screenrecord or screenshots showing the issue (if UI related).