[downer73]

No thanks.

My banking app does not need access to my phone's camera "for security" purposes.

My banking app will more than likely be snapping photos of me at the time of the transaction, encrypting them, and then transmitting the images back to themselves as opaque binary blobs (claiming that they are part of the normal transaction data, even though they add 3MB to the bandwidth, because security), and retaining them for audit, in case there's a security breach, and securing their unfortunate scenario for their own purposes with ordinary photographic information, and never actually generating "quantum" random seed information (their database fell into the wrong hands, but they have upwards of 20,000 distinct, recognizable faces as a starting point for a possible ID during the subsequent postmortem and investigation). All while receiving kickbacks from the NSA for for sharing geotagged facial recognition images for their world domination scheme.

In this situation, cameras become a dual-use technology. Maybe they're used for a QRNG or maybe something else?

How would I honestly ever know whether my bank was lying to me about what it's really using my camera for?

[sexmonad]

The obvious solution for this would be for Android to expose "derive random numbers from image frame" as a permission. But this is unnecessary, because they can just seed /dev/random from this source at boot (or if the device is unseeded).

That said, mobile devices really aren't lacking in entropy sources. With all the radios and sensors in a modern smartphone, why do they need additional methods to generate random numbers?

For information security purposes, a cryptographically secure PRNG is typically at least as secure as the encryption algorithms that it protects.