Skip to main content

Google acknowledges critical Bitcoin flaw in Android (and bug fixes are released)

PayPal won't let you buy Bitcoins
Image used with permission by copyright holder

Do any of you own any bitcoins? Fractions of a bitcoin? We’d love to know if you do, and issue you a lovely little warning: if you’re holding any bitcoins on an Android phone or tablet, you may want to store your stash elsewhere. Because of a bug in the way Android generates random numbers, those who use Android devices are at risk of digital theft, according to Bitcoin.org.

Updated on 8-15-2013 by Jeffrey Van Camp: Alex Klyubin, a Google Security Engineer on the Android team has acknowledged that this is a legitimate flaw in Android. The problem, as often seems to be the case, is Java.”Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” said Klyubin. Translated out of geek speak, that means that Android is, as we thought, not generating random numbers correctly. 

You can find some patch code from Google on its official Android blog. We’ve also updated the links below because patches for all wallets have now been issued.

Article originally published on 8-12-2013.

How to know if you’re affected: There appears to be a flaw in Google’s Android operating system, making it impossible for the OS to generate “secure random numbers,” which are needed to encrypt Bitcoin transactions.. This affects those who use Bitcoin wallet apps like Bitcoin Wallet, Blockchain.info, BitcoinSpinner, and Mycelium Wallet. Some apps, like Coinbase and Mt Gox are still secure because they don’t rely on the Android OS to generate their numbers. Every one of these apps now has a patch available to fix this vulnerability, which you can find here: Mycelium Wallet patchBitcoin Wallet patch, BitcoinSpinner patch, Blockchain.info patch.

How to to re-secure your wallet: To protect yourself, Bitcoin.org recommends you do a “key rotation” to your bitcoins. Download the fix for your Wallet app in the Google Play Store as soon as it’s available, generate a new address with the repaired random number generator, and then send your bitcoins from yourself to yourself. If anyone has “stored addresses” from your device previous to the fix, you need to contact them and give them a new one. You ca also send your bitcoins to your computer until you fix up your Android wallet.

We’re hoping those of you with actual bitcoins will understand that process better than we do. Currently, we’re bitcoin broke, so we cannot test this fix. 

If you own any bitcoins, let us know below. Have you purchased anything with them? Why do you like or dislike the platform? We’re a “bit” curious.

Jeffrey Van Camp
Former Digital Trends Contributor
As DT's Deputy Editor, Jeff helps oversee editorial operations at Digital Trends. Previously, he ran the site's…
Android 12 is out. Or is it? Here’s why we think Google delayed the release
Android 12 teaser images

Google released the full version of Android 12 on October 4. Or did it? The truth is that Google kinda-sorta released the full version by pushing the source to the Android Open Source Project and making builds available for sideloading. What Google did not do is release the full version of Android 12 to Pixel phones via an over-the-air (OTA) update.

According to Google, the OTA update will roll out to the Pixel phones in the next few weeks and to Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices later this year." That's a bit disappointing, to say the least.

Read more
Google releases Pixel Buds A-Series: $99 no-frills earbuds for Android fans
Google Pixel Buds Series-A

The Google Pixel Buds A-Series are here, and as expected, they're a more affordable version of Google's previous true wireless earbuds. They achieve their lower price ($99 versus $179) by ditching a few features, but on the whole, they offer a very similar experience. Available in all-white and a new olive green color, pre-orders begin today and Google expects them to start shipping by June 17.

When Google launched the second version of the Pixel Buds (the first version wasn't a true wireless design), its signature features were hands-free access to the Google Assistant by simply saying the wake words "Hey Google," as well as a real-time translation capability.

Read more
Google pushes back Android 11 beta release amid U.S. social unrest
Android logo on smartphone

Google has postponed the launch of the Android 11 beta, deciding that it is simply not the right time to push through with the virtual event.

The latest public beta for Android was supposed to make its debut at the Google I/O conference on May 12 to May 14, but the annual event was canceled due to the COVID-19 pandemic. The unveiling was then moved to a livestream on June 3 titled Android 11: The Beta Launch Show, which Google said would include a Q&A portion for anyone to ask questions.

Read more