Fixed
Status Update
Comments
jb...@google.com <jb...@google.com>
ap...@google.com <ap...@google.com> #2
Hi Ed, Thank you so much for these suggestions. I've been reviewing them and merging them in. Hopefully it should be live. I've included a thank you note too in the article.
il...@google.com <il...@google.com> #3
Great! Thanks a lot, I'll look for the live updates soon!
we...@salesforce.com <we...@salesforce.com> #4
Thank you all for the resolution! Have a great day.
Description
Hello, in a security audit we found an instance of insecure Random Number Generator.
File androidx/activity/result/ActivityResultRegistry.java near line 25:
This is the report we got:
Category Cryptography and Insecure Storage
Testing Method Black Box
Tools Used Apktool, dex2jar, jd-gui
Component used: Activity
Version used: 1.8
Devices/Android versions reproduced on: Android api 31.
If this is a bug in the library, we would appreciate if you could attach:
- Sample project to trigger the issue.
- A screenrecord or screenshots showing the issue (if UI related).