Motivation and design principle underlying the configurable Hardware Pseudo-Random Number Generator (HW PRNG)
A Hardware Pseudo-Random Number Generator (HW PRNG), commonly employed for cryptographic and other security-related applications, is potentially much safer than a Software Pseudo-Random Number Generator (SW PRNG), because its entropy is gathered from a physical process embedded in hardware. It is therefore usually very desirable to have such a feature, as provided by the chipset manufacturer.
However, many people are concerned that a Hardware PRNG can be defective by design (e.g. it might contain weaknesses deliberately introduced to aid foreign intelligence or corporate commercial espionage activities) or by mistake. Consider that a fault in hardware cannot be fixed: at most it can be weakly "mitigated" in software, and that rarely happens.
On the other hand, with an open-source Software PRNG, deliberate or unintentional weaknesses can usually be spotted in a timely manner and fixed at any time by anyone (including the end user, if skilled enough), although the PRNG itself might provide less entropy than its hardware counterpart.
Always bear in mind that the distribution unfortunately contains some closed-source software libraries from the chipset manufacturer. Because they have not been released as open source, they cannot be updated, inspected and rebuilt independently, so they are probably a much weaker point, although the custom SELinux policy (not enforced in the original firmware by the phone manufacturer) might be able to contain most risky attack vectors arising from weaknesses in those libraries.
The Android 4.4.4 "KitKat" OS hardened binary distribution for the Sony Xperia E3 (D2203, D2206, D2243, D2202) devices is available here: Android 4.4.4 KitKat hardened binary distribution
Android is Copyright (C) 2007-2023 by the Android Open Source Project
and is a trademark of Google Inc.
Xperia is a trademark of Sony Mobile Communications Inc.
Copyright © 2007-2023 Guido Trentalancia. All rights reserved.