java.lang.SecurityException in PRNGFixes.java

Daniel Dobalian edited this page Jul 12, 2018 · 3 revisions

Context

On devices running Android API levels 16, 17, and 18, a java.lang.SecurityException is thrown after performing an AcquireToken(...) request. This issue resulted in potential app crashes and SDK failures for users on these device versions.

This code (PRNGFixes.java) is recommended by Android as an improved security mechanism for initializing Android's OpenSSL PRNG. For more details on the bug inside ADAL, please see our description inside the issue.

Sample Error/Exception

E/AndroidRuntime: FATAL EXCEPTION: main
                  java.lang.SecurityException: Failed to read from /dev/urandom
                      at com.microsoft.aad.adal.PRNGFixes$LinuxPRNGSecureRandom.engineNextBytes(PRNGFixes.java:259)
                      at java.security.SecureRandom.nextBytes(SecureRandom.java:273)
                      at java.util.UUID.randomUUID(UUID.java:130)
                      at com.microsoft.aad.adal.AuthenticationContext.getRequestCorrelationId(AuthenticationContext.java:1062)
                      at com.microsoft.aad.adal.AuthenticationContext.acquireToken(AuthenticationContext.java:351)

[...]

Mitigation

Update your app to ADAL 1.14.1 or higher.