Bitcoin is still emerging as an online currency, and that means issues are sure to pop up in the way it's implemented. This time there's an Android-specific problem. It turns out there's a weakness in the way Android generates random secure numbers (the Java SecureRandom class), which most Bitcoin apps use to create wallet IDs. That means an attacker could possibly figure out your wallet key and swipe your digital cash.

Anyone that generated a Bitcoin wallet key on an Android device is potentially affected (even if it is no longer used on Android). Keys generated elsewhere and simply used on Android are not vulnerable to the potential attack. Similarly, any app that uses a web service like Mt. Gox or Coinbase to create a random ID is fine. Most apps are rolling out patches to replace the default SecureRandom implementation with their own.

Users of the affected apps will have to take action to make sure their money isn't vulnerable after the update. Everyone will need to generate a new wallet ID, then send all their Bitcoins to the new address and stop using the old one. The popular Mycelium Bitcoin Wallet has already been updated, and Bitcoin Wallet is in beta testing. It's not clear how severe the problem with Google's implementation of SecureRandom is, or if it affects other types of apps. Still, better safe than sorry.