Skip to main content
  1. Home
  2. Phones
  3. Android
  4. Mobile
  5. Legacy Archives

Google acknowledges critical Bitcoin flaw in Android (and bug fixes are released)

Add as a preferred source on Google

Do any of you own any bitcoins? Fractions of a bitcoin? We’d love to know if you do, and issue you a lovely little warning: if you’re holding any bitcoins on an Android phone or tablet, you may want to store your stash elsewhere. Because of a bug in the way Android generates random numbers, those who use Android devices are at risk of digital theft, according to Bitcoin.org.

Updated on 8-15-2013 by Jeffrey Van Camp: Alex Klyubin, a Google Security Engineer on the Android team has acknowledged that this is a legitimate flaw in Android. The problem, as often seems to be the case, is Java.”Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” said Klyubin. Translated out of geek speak, that means that Android is, as we thought, not generating random numbers correctly. 

Recommended Videos

You can find some patch code from Google on its official Android blog. We’ve also updated the links below because patches for all wallets have now been issued.

Article originally published on 8-12-2013.

How to know if you’re affected: There appears to be a flaw in Google’s Android operating system, making it impossible for the OS to generate “secure random numbers,” which are needed to encrypt Bitcoin transactions.. This affects those who use Bitcoin wallet apps like Bitcoin Wallet, Blockchain.info, BitcoinSpinner, and Mycelium Wallet. Some apps, like Coinbase and Mt Gox are still secure because they don’t rely on the Android OS to generate their numbers. Every one of these apps now has a patch available to fix this vulnerability, which you can find here: Mycelium Wallet patchBitcoin Wallet patch, BitcoinSpinner patch, Blockchain.info patch.

How to to re-secure your wallet: To protect yourself, Bitcoin.org recommends you do a “key rotation” to your bitcoins. Download the fix for your Wallet app in the Google Play Store as soon as it’s available, generate a new address with the repaired random number generator, and then send your bitcoins from yourself to yourself. If anyone has “stored addresses” from your device previous to the fix, you need to contact them and give them a new one. You ca also send your bitcoins to your computer until you fix up your Android wallet.

We’re hoping those of you with actual bitcoins will understand that process better than we do. Currently, we’re bitcoin broke, so we cannot test this fix. 

If you own any bitcoins, let us know below. Have you purchased anything with them? Why do you like or dislike the platform? We’re a “bit” curious.

Jeffrey Van Camp
As DT's Deputy Editor, Jeff helps oversee editorial operations at Digital Trends. Previously, he ran the site's…
How to install iOS 27 public beta on your iPhone?
iOS 27’s public beta is here, and its loaded with new features and experiences you might want to try.
iOS 27 beta update open on iPhone

After iOS 27’s third developer beta shipped on July 6, Apple released the first public betas for iOS 27 on July 13, 2026. While the main additions remain the same across the builds, the latter is the more refined and polished version, free of rudimentary bugs and glitches.

If you have a compatible iPhone, you can install the first public beta of iOS 27 today and experience the new Siri AI and other features yourself, provided that you know exactly what to do.

Read more
This Android malware can spy on your screen, read your texts, and control your phone remotely
Upgraded RedHook Android malware now abuses Android's built-in Wireless ADB to hijack your phone without root access.
android-redhook-malware

A nastier version of the RedHook Android malware is making the rounds, and it does not need a USB cable or a rooted phone to take over your device. Researchers at Group-IB discovered the upgraded variant, which is a significant step up from the version spotted in 2025. The scariest part? It uses one of Android's own built-in tools to do it.

How RedHook malware tricks your Android phone into handing over control

Read more
iOS 27’s public beta is finally here, and you don’t need a developer account to get in
Siri's biggest comeback is finally leaving the lab.
iOS 27 new star rating feature in Photos

Greg Joswiak just made it official. A few minutes ago, Apple's marketing chief confirmed the availability of public betas for iOS 27, macOS 27, iPadOS 27, and other Apple devices.

If you've spent the last month watching developers gush over Siri AI, patiently waiting for the public beta, that wait is over.

Read more