GetMetaMap / metamap-android-sdk

MetaMap Android SDK | https://www.metamap.com/

Weak security algorithms (SHA-1) #55

Closed sergei-mikhailovskii-idf closed 10 months ago

sergei-mikhailovskii-idf commented 10 months ago

Hello, after the security testing of our Android mobile app, we found out that the Mati Android SDK uses a weak hash algorithm (SHA-1):

[line 35: try {]
[line 36: return new StringBuilder(new BigInteger(1, MessageDigest.getInstance("SHA-1").digest(str.getBytes(UTF_8))).toString(16)).toString();]
[line 37: } catch (NoSuchAlgorithmException e11) {]

That’s why I have two questions: can this vulnerability affect the user, and if it is true, are there any plans to replace it with a more secure algorithm? Thanks in advance for the help. Feel free to ask me for any support you need from my side.

hayk-kerobyan-metamap commented 10 months ago

Hi @sergei-mikhailovskii-idf, the data type processed through this code snippet is not related to any user data and therefore it doesn't add any vulnerability to the SDK itself.

sergei-mikhailovskii-idf commented 10 months ago

Hi, @hayk-kerobyan-metamap! Got it, thank you very much for the answer!
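
The hashing pattern from the reported snippet beside a SHA-256 replacement, as an added example that is not part of the thread and not the SDK's own code. The class name, method names and sample inputs are hypothetical and constructed for illustration. It also shows a side effect of the `BigInteger.toString(16)` encoding: leading zeros are dropped, so the hex string is not fixed-width.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical class name; not taken from the SDK.
public class DigestHexExample {

    // Same pattern as the reported snippet: SHA-1 rendered through BigInteger.
    // BigInteger.toString(16) omits leading zeros, so the length can be < 40.
    static String sha1HexViaBigInteger(String input) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(input.getBytes(StandardCharsets.UTF_8));
        return new BigInteger(1, digest).toString(16);
    }

    // Replacement: SHA-256 with explicit per-byte hex encoding.
    // The result is always 64 lowercase hex characters.
    static String sha256Hex(String input) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(input.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed inputs: find one whose SHA-1 digest starts with a zero nibble.
        for (int i = 0; i < 1000; i++) {
            String sample = "sample-" + i;
            String sha1 = sha1HexViaBigInteger(sample);
            if (sha1.length() < 40) {
                System.out.println(sample + ": SHA-1 via BigInteger -> "
                        + sha1.length() + " hex chars");
                System.out.println(sample + ": SHA-256 fixed width  -> "
                        + sha256Hex(sample).length() + " hex chars");
                break;
            }
        }
    }
}
```

Switching the algorithm changes every output value, so anything that stores or compares the old SHA-1 strings has to be migrated together with the code.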