Bitcoin is still emerging as an online currency, and that means issues are sure to pop up in the way it's implemented. This time there's an Android-specific problem. It turns out there's a weakness in the way Android generates secure random numbers (the Java SecureRandom class), which most Bitcoin apps use to create wallet IDs. That means an attacker could possibly figure out your wallet key and swipe your digital cash.

Anyone who generated a Bitcoin wallet key on an Android device is potentially affected (even if it is no longer used on Android). Keys generated elsewhere and simply used on Android are not vulnerable to the potential attack. Similarly, any app that uses a web service like Mt. Gox or Coinbase to create a random ID is fine. Most apps are rolling out patches to replace the default SecureRandom implementation with their own.

Users of the affected apps will have to take action to make sure their money isn't vulnerable after the update. Everyone will need to generate a new wallet ID, then send all their Bitcoins to the new address and stop using the old one. The popular Mycelium Bitcoin Wallet has already been updated, and Bitcoin Wallet is in beta testing. It's not clear how severe the problem with Google's implementation of SecureRandom is, or if it affects other types of apps. Still, better safe than sorry.
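As an added illustration of the kind of patch the article mentions (replacing the platform's default SecureRandom with the app's own), here is a SecureRandom implementation that reads every output byte straight from the kernel's /dev/urandom. This is example code written for this page, not code from the article or from any wallet app; the class name UrandomSecureRandom, the provider name UrandomProvider and the install() helper are assumptions of the example.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.SecureRandomSpi;
import java.security.Security;

// Added example, not code from the article or from any wallet app: a SecureRandom
// implementation whose output comes straight from the kernel's /dev/urandom instead
// of the platform's default userland PRNG. Class and provider names are assumptions.
public final class UrandomSecureRandom extends SecureRandomSpi {
    private static final String DEVICE = "/dev/urandom";
    private static DataInputStream device; // opened once, shared by every instance

    private static synchronized DataInputStream device() throws IOException {
        if (device == null) {
            device = new DataInputStream(new FileInputStream(DEVICE));
        }
        return device;
    }

    @Override
    protected void engineSetSeed(byte[] seed) {
        // Deliberately ignored: the kernel pool is the only entropy source, so a
        // caller-supplied seed can never make the output deterministic.
    }

    @Override
    protected void engineNextBytes(byte[] bytes) {
        try {
            device().readFully(bytes);
        } catch (IOException e) {
            // Fail closed: never fall back to a weaker generator silently.
            throw new IllegalStateException("cannot read " + DEVICE, e);
        }
    }

    @Override
    protected byte[] engineGenerateSeed(int numBytes) {
        byte[] seed = new byte[numBytes];
        engineNextBytes(seed);
        return seed;
    }

    /** Provider that exposes the SPI above under the algorithm name "SHA1PRNG". */
    public static final class UrandomProvider extends Provider {
        UrandomProvider() {
            super("UrandomProvider", 1.0, "/dev/urandom backed SecureRandom (added example)");
            put("SecureRandom.SHA1PRNG", UrandomSecureRandom.class.getName());
        }
    }

    /** Register the provider at position 1 so new SecureRandom() resolves to it. Call once at app start. */
    public static synchronized void install() {
        if (Security.getProvider("UrandomProvider") == null) {
            Security.insertProviderAt(new UrandomProvider(), 1);
        }
    }

    private static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) {
            sb.append(String.format("%02x", x));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        install();
        SecureRandom rng = new SecureRandom();
        byte[] keyMaterial = new byte[32]; // 256 bits, the size of a secp256k1 private key
        rng.nextBytes(keyMaterial);
        // Check at runtime which implementation is actually in use before trusting it.
        System.out.println("provider: " + rng.getProvider().getName());
        System.out.println("key material: " + hex(keyMaterial));
    }
}
```

The provider is inserted at position 1 because `new SecureRandom()` walks the registered providers in order and takes the first one that offers any SecureRandom service, so a provider registered later would never be picked. The `getProvider()` check in `main` is the part worth keeping in production: an app that assumes its replacement is active, but is actually still using the platform default, gains nothing from the patch.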


Ryan Whitwam
Ryan is a tech/science writer, skeptic, lover of all things electronic, and Android fan. In his spare time he reads golden-age sci-fi and sleeps, but rarely at the same time. His wife tolerates him as few would.

He's the author of a sci-fi novel called The Crooked City, which is available on Amazon and Google Play. http://goo.gl/WQIXBM

  • Guest

    The title of this article is misleading - the bug lies in Java's SecureRandom class (http://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html), not an Android-specific class. It does still mean that Android is affected, however it really should be up to Oracle to patch this bug (and Google will pull the change to Android), unless Google temporarily overrides the behaviour of SecureRandom to squash this bug.

    • Robert

      Your link is not working.

    • William

      You are misinformed, Android does not run Java.

      • naysayer

        No, that would be you. Android utilizes a lot of code from Apache Harmony, a free Java implementation.

        • didibus

          "Apache Harmony is retired at the Apache Software Foundation since Nov 16, 2011" - http://harmony.apache.org


          • naysayer

            Yes, but you know what? It's still part of Android. Go figure.

          • didibus

            Not really, Android forked a subset of Apache Harmony a long time ago. It's now a completely different branch of its own, only historically related to Apache Harmony, and it's entirely up to the Android project to fix the problems that might be inherent to SecureRandom.

          • naysayer

            It appears that you want to debate semantics.

          • didibus

            I'm not debating anything. I quoted the Apache Harmony website, and made it obvious that Oracle Java, Apache Harmony, and Android Java are all different. If you are a dev, and think they are the same, you are in for a lot of trouble and confusion; it will slow down your learning process quite a bit.

            I was also addressing the original comment, by showing that it is not at all Oracle's fault or responsibility and it's obviously not Apache Harmony's responsibility any more to fix the problems of the SecureRandom class Android uses (since they have shut down the project).

            Why don't you just go to bed knowing you cleared up some of your confusion about Android's implementation of java, and feel happy about it, instead of trying to defend yourself just so you can feel like you've won.

    • http://www.androidpolice.com/ Artem Russakovskii

      Of course it's an Android bug because it's a bug in a function that Android uses. Doesn't matter where under the hood it came from. It's not a bug directly contributed by Android developers perhaps, but it's still a bug that exists in Android.

      • didibus

        Agreed, this is not a third party library, it comes as part of the standard Android API.

    • didibus

      Android does not use the Oracle Java standard library, it uses its own standard library, which was initially derived from Apache Harmony.

    • Pierre Gardin

      "it really should be up to Oracle to patch this bug"

      thx for the laugh

  • naysayer

    I wonder if they just didn't use SecureRandom correctly: http://developer.android.com/reference/java/security/SecureRandom.html
    What they write is suspiciously low on information.

    • lljktechnogeek

      Given the median intelligence of the type of people who would create a Bitcoin wallet app for Android, I'm going to go with "they used the seeded constructor" myself.
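The "seeded constructor" misuse speculated about in the comment above can be shown directly. The following is added example code, not code from the article, the commenters or any wallet app: it compares a SHA1PRNG instance seeded by the caller before its first use with one left to seed itself. On both the JDK's and Android's SHA1PRNG, calling setSeed before any output replaces the generator's entire state with a digest of the seed, so two instances given the same seed produce the same 32 key bytes, which is exactly what a wallet must never do. The seed string and the method names are constructed for the demonstration. Note that on the 2013 Android platform the article describes, even the self-seeding path was weak, which is why apps replaced the implementation outright; this example only illustrates the misuse pattern, not that platform bug.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example, not from the article or its comments: why seeding a fresh SHA1PRNG
// before its first use (the "seeded constructor" pattern) is a misuse. The seed
// value and method names below are constructed for this demonstration.
public final class SeededPrngDemo {

    /** Misuse: the caller's seed becomes the entire state, so equal seeds give equal keys. */
    static byte[] keyFromCallerSeed(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.setSeed(seed); // before any output: replaces, rather than supplements, the entropy
        byte[] key = new byte[32];
        rng.nextBytes(key);
        return key;
    }

    /** Correct use: no caller seed; the generator seeds itself from the provider's entropy source. */
    static byte[] keyFromSelfSeeded() throws NoSuchAlgorithmException {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        byte[] key = new byte[32];
        rng.nextBytes(key);
        return key;
    }

    /** Extra entropy is harmless only once self-seeding has already happened. */
    static byte[] keyFromSelfSeededPlusExtra(byte[] extra) throws NoSuchAlgorithmException {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.nextBytes(new byte[1]); // forces self-seeding first
        rng.setSeed(extra);          // now merely mixed into the existing state
        byte[] key = new byte[32];
        rng.nextBytes(key);
        return key;
    }

    public static void main(String[] args) throws Exception {
        // Constructed, low-entropy seed of the kind a careless app might use.
        byte[] seed = "device-serial-0001".getBytes(StandardCharsets.UTF_8);
        boolean seededCollide = Arrays.equals(keyFromCallerSeed(seed), keyFromCallerSeed(seed));
        boolean selfCollide = Arrays.equals(keyFromSelfSeeded(), keyFromSelfSeeded());
        boolean extraCollide = Arrays.equals(keyFromSelfSeededPlusExtra(seed),
                                             keyFromSelfSeededPlusExtra(seed));
        System.out.println("caller-seeded keys identical:  " + seededCollide);
        System.out.println("self-seeded keys identical:    " + selfCollide);
        System.out.println("self-seeded + extra identical: " + extraCollide);
    }
}
```

The example requests "SHA1PRNG" by name rather than using `new SecureRandom(seed)`, because on a desktop Linux JDK the default algorithm is NativePRNG, which mixes a caller seed into kernel entropy and would hide the effect. A code review check for wallet-style code is therefore simple: any `setSeed` or seeded constructor that runs before the first `nextBytes` on a fresh instance is a defect, regardless of how "random" the seed looks.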

  • Omar


  • Floss

    A problem with SecureRandom is pretty huge, and the Bitcoin side effect is relatively unimportant. Any info on what is actually wrong with the base implementation?

    • Pierre Gardin

      These comments on the Reddit thread sum it all up:

      [–]fuckershitfuck 5 points 1 day ago

      Is this actually an issue with SecureRandom? Did you just use it unseeded or something? What's the specific problem, has it been reported?

      [–]HydrophobicWater 3 points

      Nope, no reports, we rumors now.