Android gradle lint 错误“Weak RNG"还需要考虑吗? [英] Does the Android gradle lint error "Weak RNG" still need to be considered?

问题描述

在 android 项目或模块上运行 gradle build 会产生以下 lint 报告条目:Android 4.3 及更早版本上可能不安全的随机数.阅读 https://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html 了解更多信息.

running gradle build on an android project or module yields the following lint report entry: Potentially insecure random numbers on Android 4.3 and older. Read https://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html for more info.

这为上述问题提供了一个易于实施的补丁.但是我想知道是否需要应用它，因为它已经5岁了，或者可以忽略它吗?

This provides an easy to implement patch for said issue. But I'm wondering if it needs to be applied, given that it's 5 years old, or can this be ignored?

谢谢

推荐答案

这取决于您的应用是否必须支持 Android 4.3 及更早版本，以及您在应用中使用 SecureRandom 的原因(例如，用于信息安全或安全通信)，以及不使用该页面上建议的修复程序来修补旧版本应用程序中 SecureRandom 使用的安全风险.但是请注意，根据 Distribution Dashboard，只有大约 3.5% 的 Android最近访问过 Google Play 商店的设备运行版本 4.3 及更早版本.如果 minSdkVersion 高于 10，对于您的应用来说，这个百分比可能会更低，而且这个百分比可能会随着时间的推移而减少.

That depends on whether your app must support Android versions 4.3 and earlier, as well as why you are using SecureRandom in your app (e.g., for information security or secure communications), and the security risk of not using the fix suggested at that page to patch uses of SecureRandom in your app in older versions. Note, however, that according to the Distribution Dashboard, only about 3.5% of Android devices that recently visited the Google Play store ran version 4.3 and earlier. This percentage will likely be less for your app if the minSdkVersion is higher than 10, and this percentage will likely dwindle as time goes by.

这篇关于Android gradle lint 错误“Weak RNG"还需要考虑吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！