Currently, I'm looking for a way to increase the quality of randomness in my Android application (a card game). Previously, it was estimated that for my situation (52! permutation) at least 226 bits of entropy (226 random bits) are needed..
I'm planning to use this byte[] as a seed for SecureRandom:
SecureRandom random = new SecureRandom();
random.setSeed(/* insert seed here, byte[] */)
The question is -- Where can I reliably get random bits in this amount (at least 226 bits) on Android, preferably without requiring any permissions and without internet. Also, it should work regardless of device and API level.
On Java 8+ you can use
SecureRandom rand = SecureRandom.getInstanceStrong();
To get the strongest randomness available on your platform. To be explicit you can use
SecureRandom rand = SecureRandom.getInstance("NativePRNGBlocking");
which use the entropy of /dev/random on Linux like systems. However, I expect it will fail if not available.
https://www.synopsys.com/blogs/software-security/proper-use-of-javas-securerandom/
Alternatively
You could create randomness based on the user's input by taking a SHA256 or higher of the System.nanoTime() of previous events.