1. https://appdevelopermagazine.com/android
  2. https://appdevelopermagazine.com/google-confirms-security-compromise-in-android-apps-using-java-cryptography-architecture-(jca)/
8/14/2013 8:26:02 PM
Google Confirms Security Compromise in Android Apps Using Java Cryptography Architecture (JCA)
https://news-cdn.moonbeam.co/android-security-comprimise_63va3w6e.png
App Developer Magazine
Google Confirms Security Compromise in Android Apps Using Java Cryptography Architecture (JCA)

Android

Google Confirms Security Compromise in Android Apps Using Java Cryptography Architecture (JCA)


Wednesday, August 14, 2013

Richard Harris Richard Harris

Today on Google's Developer blog, Alex Klyubin, Android Security Engineer confirms they have found a serious security compromise in Android apps that use JCA for certain functions such as key generation and signing, or random number generation.

Alex says, "We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG. Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected. Applications that establish TLS/SSL connections using the HttpClient and java.net classes are not affected as those classes do seed the OpenSSL PRNG with values from /dev/urandom."

Also in the blog post are a couple of things Android developers can do to make sure their apps are secure.


Read more: http://android-developers.blogspot.com/2013/08/som...

Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.

MEMBERS GET ACCESS TO

  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here