silpol » from archive
""We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG," he wrote. "Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected." Apps that establish encrypted connections using the HttpClient and java.net classes aren't vulnerable." ‎- silpol
the battle of /dev/random vs /dev/urandom :-/ ‎- silpol