Google has verified that a vulnerability that existed within Android allowed for the reported theft of up to 55 bitcoins over the weekend.
“We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialisation of the underlying PRNG (Pseudorandom number generator),” said Alex Klyubin, Android security engineer, in a blog post.