apptentive-ios
Veracode Vulnerability Question with arc4random (ApptentiveUtilities.m, line 187) and rand (ApptentiveRetryPolicy.m, line 43)
Hello, we were doing a Veracode scan on our app using this library. Veracode highlighted the following two vulnerabilities related to randomness for the calls in ApptentiveUtilities.m on line 187 and ApptentiveRetryPolicy.m on line 43.
Insufficient Entropy
Standard random number generators do not provide a sufficient amount of entropy when used for security purposes. Attackers can brute force the output of pseudorandom number generators such as rand().
I have to write up a mitigation report, and I was hoping you could tell me what those calls are used for: whether they are related to generating any security-related data, or used in the process of creating security-related data, etc.