Weak security algorithms (SHA-1 and MD5)

[sergei-mikhailovskii-idf]

Hello, after the security testing of our Android mobile app, we found out that Mati Android SDK uses a weak hash algorithm (SHA-1 and MD5)

[line 136: if (i11 % 2 != 0) {]
[line 137: MessageDigest instance =
MessageDigest.getInstance("MD5");]
[line 138: instance.reset();]

and

[line 107: try {]
[line 108: MessageDigest instance = MessageDigest.getInstance("SHA-
1");]
[line 109: instance.reset();]

That’s why I have two questions - can these vulnerabilities affect the user and if it is true, are there any plans to replace them with more secure algorithms? Thanks in advance for the help. Feel free to ask me for any support you need from my side

[github-actions[bot]]

👋 Hi @sergei-mikhailovskii-idf and Thank you for reaching out to us. In order for us to provide optimal support, please submit a ticket to our support team at support@appsflyer.com. When submitting the ticket, please specify:

• ✅ your AppsFlyer sign-up (account) email
• ✅ app ID
• ✅ production steps
• ✅ logs
• ✅ code snippets
• ✅ and any additional relevant information.