[cheese1756]

Which usually isn't cryptographically secure. So now you need to audit the random number generator and make sure that it has no known holes, including obscure edge cases. And then you need to confirm that any implementation is correct and audited.

That quickly takes you down a rabbit hole, which may be why the contract was so expensive.

[Karunamon]

This is iOS we're talking about. The CSPRNG provided as part of Swift or Obj-C's standard library has likely already been audited for use on other govt. projects.

http://stackoverflow.com/questions/9234686/generating-random...

[cheese1756]

Great point. Thanks for the link!

[imtringued]

Oh you need a cryptographically secure RNG? Assuming the app is written for android just replace Random with SecureRandom. Here's your $100,000 invoice.