Does the Android gradle lint error “Weak RNG” still need to be considered?

Question

running gradle build on an android project or module yields the following lint report entry: Potentially insecure random numbers on Android 4.3 and older. Read https://android-d

Answer 1

That depends on whether your app must support Android versions 4.3 and earlier, as well as why you are using SecureRandom in your app (e.g., for information security or secure communications), and the security risk of not using the fix suggested at that page to patch uses of SecureRandom in your app in older versions. Note, however, that according to the Distribution Dashboard, only about 3.5% of Android devices that recently visited the Google Play store ran version 4.3 and earlier. This percentage will likely be less for your app if the minSdkVersion is higher than 10, and this percentage will likely dwindle as time goes by.