Swift

Made by DeepSource

Audit: Use of legacy functions to generate random values can be insecure SW-A1000

Security
Critical

Legacy functions like arc4random() or arc4random_uniform() should not be used for generating random numbers.

These functions are provided through imported C APIs, and depending on the platform executing the code, their underlying implementations can be unsafe. For example, in versions prior to macOS 10.12 and iOS 10, arc4random() used the RC4 algorithm, which is now considered cryptographically insecure.

Starting with Swift 4.2, the standard library provides functions that can be used to generate random values securely. It is generally recommended to use this set of standard functions over the legacy functions.

Bad Practice

let randomValue = arc4random_uniform(100)

Recommended

let randomValue = Int.random(in: 0..<100)
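
The following is an added example, not part of the original rule text or DeepSource's own code. It rewrites three common arc4random patterns with the Swift 4.2+ standard library; the function names are hypothetical. SystemRandomNumberGenerator is passed explicitly to make the source of randomness visible; the `random(in:)` overloads without `using:` draw from the same generator.

```swift
// Added example: legacy arc4random patterns migrated to the standard library.
// All function names here are hypothetical, chosen for illustration.

/// Replaces `Int(arc4random_uniform(UInt32(upperBound)))`.
/// Returns a uniformly distributed value in 0..<upperBound.
func randomIndex(below upperBound: Int) -> Int {
    precondition(upperBound > 0, "upperBound must be positive")
    var rng = SystemRandomNumberGenerator()
    return Int.random(in: 0..<upperBound, using: &rng)
}

/// Replaces a loop that fills a buffer from repeated `arc4random()` calls.
func randomBytes(count: Int) -> [UInt8] {
    precondition(count >= 0, "count must not be negative")
    var rng = SystemRandomNumberGenerator()
    return (0..<count).map { _ in UInt8.random(in: .min ... .max, using: &rng) }
}

/// Replaces `alphabet[Int(arc4random_uniform(UInt32(alphabet.count)))]` in a loop.
func randomToken(length: Int) -> String {
    precondition(length >= 0, "length must not be negative")
    let alphabet = Array("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")
    var rng = SystemRandomNumberGenerator()
    // randomElement(using:) returns nil only for an empty collection,
    // and the alphabet above is never empty.
    return String((0..<length).map { _ in alphabet.randomElement(using: &rng)! })
}

print(randomIndex(below: 100))
print(randomBytes(count: 16).map { String($0, radix: 16) })
print(randomToken(length: 24))
```

When reviewing a migration, also check that no call site passes a custom seeded generator through the `using:` parameter where unpredictability matters, since that bypasses the system generator.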