Android low entropy demystified

Abstract

We look into the issue that the amount of entropy kept by the pseudorandom number generator (PRNG) of Android is constantly low. We find that the accusation against this issue of causing poor performance and low frame rate experienced by users is ungrounded. We also investigate possible security vulnerabilities resulting from this issue. We find that this issue does not affect the quality of random numbers that are generated by the PRNG and used in Android applications because recent Android devices do not lack entropy sources. However, we identify a vulnerability in which the stack canary for all future Android applications is generated earlier than the PRNG is properly setup. This vulnerability makes stack overflow simpler and threats Android applications linked with native code (through NDK) as well as Dalvik VM instances. An attacker could nullify the stack protecting mechanism, given the knowledge of the time of boot or a malicious app running on the victim device. This vulnerability also affects the address space layout randomization (ASLR) mechanism on Android, and can turn it from a weak protection to void. We discuss in this paper several possible attacks against this vulnerability as well as ways of defending. As this vulnerability is rooted in an essential Android design choice since the very first version, it is difficult to fix.