Adyen / adyen-3ds2-android

Apache License 2.0

Uses an insecure random number generator #60

Open JonasPrapuolenisDBG opened 1 year ago

JonasPrapuolenisDBG commented 1 year ago

Describe the bug: Uses an insecure random number generator

package atd.s0.g0 uses java.util.Random, which can be considered insecure for use in security-sensitive applications

Expected behavior: Consider using SecureRandom to obtain a cryptographically secure pseudo-random number generator for use in security-sensitive applications.

Screenshots: Screenshot 2023-09-22 150824 (image not reproduced)

Smartphone (please complete the following information):
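As an added illustration of the report above, and not code from the Adyen SDK, the following shows why java.util.Random is unsuitable for security-sensitive values and what the SecureRandom replacement looks like; the class name, helper names and the seed value are constructed for this demo.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;

public class RandomNonceDemo {

    // Weak: java.util.Random is a 48-bit linear congruential generator.
    // Its whole future output is a deterministic function of the seed, and
    // its no-arg constructor seeds from System.nanoTime(), which is not secret.
    // Anyone who knows or narrows down the seed can reproduce every value.
    static byte[] weakNonce(long seed, int length) {
        byte[] out = new byte[length];
        new Random(seed).nextBytes(out);
        return out;
    }

    // Hardened: SecureRandom draws from the platform CSPRNG (on Android this
    // is backed by the kernel's /dev/urandom), so outputs stay unpredictable
    // even to an observer who has seen earlier outputs from the same instance.
    static byte[] secureNonce(int length) {
        byte[] out = new byte[length];
        new SecureRandom().nextBytes(out);
        return out;
    }

    public static void main(String[] args) {
        // Hypothetical seed: a wall-clock timestamp of the kind a caller
        // might use, or that a default seed can be close to.
        long seed = 1695384504000L;

        byte[] a = weakNonce(seed, 16);
        byte[] b = weakNonce(seed, 16);
        // Same seed, same "random" nonce: true
        System.out.println("java.util.Random reproducible from seed: " + Arrays.equals(a, b));

        byte[] c = secureNonce(16);
        byte[] d = secureNonce(16);
        // Two independent draws from the CSPRNG do not repeat: false
        System.out.println("SecureRandom draws identical: " + Arrays.equals(c, d));
    }
}
```

In a library, the fix is a drop-in swap of `new Random()` for `new SecureRandom()` wherever the value is a nonce, token, IV, key material or anything else a party outside the app must not be able to guess.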

fdcb commented 1 year ago

Hey, @JonasPrapuolenisDBG thank you for reporting this.

We are aware that our SDK is unfortunately not using the best practices for security-sensitive applications when it comes to the generation of Random values. We have been working to improve this. We will update this issue once we release a version that addresses your concerns.