Skip to content

java.lang.SecurityException in PRNGFixes.java

Jump to bottom
Daniel Dobalian edited this page Jul 12, 2018 · 3 revisions

Context

On Android API version 16, 17, 18 devices, a java.lang.SecurityException is generated after performing an AcquireToken(...) request. This issue resulted in potential app crashes and SDK failures for users on these device versions.

This code (PRNGFixes.java) is recommended by Android as an improved security mechanism for initializing Android's OpenSSL PRNG. For more details of the details of the bug inside ADAL, please see our description inside the issue.

Sample Error/Exception

E/AndroidRuntime: FATAL EXCEPTION: main
                  java.lang.SecurityException: Failed to read from /dev/urandom
                      at com.microsoft.aad.adal.PRNGFixes$LinuxPRNGSecureRandom.engineNextBytes(PRNGFixes.java:259)
                      at java.security.SecureRandom.nextBytes(SecureRandom.java:273)
                      at java.util.UUID.randomUUID(UUID.java:130)
                      at com.microsoft.aad.adal.AuthenticationContext.getRequestCorrelationId(AuthenticationContext.java:1062)
                      at com.microsoft.aad.adal.AuthenticationContext.acquireToken(AuthenticationContext.java:351)

[...]

Mitigation

Update your app to ADAL 1.14.1 or higher.

Getting started with ADAL Android

Configure, build, and test

Advanced topics

FAQ & Common Issues

News

Other resources

Clone this wiki locally