Insecure Random Number Generator in ActivityResultRegistry [272096025]

Fixed

Bug

Status Update

No update yet.

Description

we...@salesforce.com

created issue #1

Mar 8, 2023 03:30PM

Hello, in a security audit we found an instance of insecure Random Number Generator.

File androidx/activity/result/ActivityResultRegistry.java near line 25:

This is the report we got:
Category Cryptography and Insecure Storage
Testing Method Black Box
Tools Used Apktool, dex2jar, jd-gui

Component used: Activity

Version used: 1.8

Devices/Android versions reproduced on: Android api 31.

If this is a bug in the library, we would appreciate if you could attach:
- Sample project to trigger the issue.
- A screenrecord or screenshots showing the issue (if UI related).

Wed Mar 08 2023 12:29:47 GMT-0300 (Argentina Standard Time).png

35 KB

View

Download

Comments

jb...@google.com <jb...@google.com> Mar 9, 2023 12:01AM

Assigned to jb...@google.com.

ap...@google.com <ap...@google.com> #2Mar 9, 2023 01:52AM

Hi Ed, Thank you so much for these suggestions. I've been reviewing them and merging them in. Hopefully it should be live. I've included a thank you note too in the article.

il...@google.com <il...@google.com> #3Mar 9, 2023 05:44PM

Marked as fixed.

Great! Thanks a lot, I'll look for the live updates soon!

we...@salesforce.com <we...@salesforce.com> #4Mar 10, 2023 11:45AM

Thank you all for the resolution! Have a great day.

Issue 272096025

Description

Issue summary

Comments

jb...@google.com <jb...@google.com> Mar 9, 2023 12:01AM

ap...@google.com <ap...@google.com> #2Mar 9, 2023 01:52AM

il...@google.com <il...@google.com> #3Mar 9, 2023 05:44PM

we...@salesforce.com <we...@salesforce.com> #4Mar 10, 2023 11:45AM

Add comment

Issue metadata