问题
running gradle build on an android project or module yields the following lint report entry: Potentially insecure random numbers on Android 4.3 and older. Read https://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html for more info.
This provides an easy to implement patch for said issue. But I'm wondering if it needs to be applied, given that it's 5 years old, or can this be ignored?
Thanks
回答1:
That depends on whether your app must support Android versions 4.3 and earlier, as well as why you are using SecureRandom in your app (e.g., for information security or secure communications), and the security risk of not using the fix suggested at that page to patch uses of SecureRandom in your app in older versions. Note, however, that according to the Distribution Dashboard, only about 3.5% of Android devices that recently visited the Google Play store ran version 4.3 and earlier. This percentage will likely be less for your app if the minSdkVersion is higher than 10, and this percentage will likely dwindle as time goes by.
来源:https://stackoverflow.com/questions/55035165/does-the-android-gradle-lint-error-weak-rng-still-need-to-be-considered