Ensuring the secure utilization of the _fopen, _memcpy, _random, and _strlen functions in SQLCipher:

Greetings, Zetetic community!
We’ve incorporated SQLCipher into an iOS application. However, during a security audit conducted with the MobSF tool, alerts were raised regarding the usage of certain functions.

Issue: Binary makes use of insecure API(s)
Severity: High
Description: The binary may contain the following insecure API(s) _fopen , _memcpy , _strlen

Issue: Binary makes use of the insecure Random function(s)
Severity: High
Description: The binary may use the following insecure Random function(s) _random.

Issue: Binary makes use of malloc function
Severity: High
Description: The binary may use _malloc function.

Is the implementation of the above functions free of vulnerabilities? Furthermore, can it be confirmed that the implementations of the aforementioned functions are secure within this context?

Thank you in advance.

Hello @Mugil_Prince, yes, SQLCipher is a low-level library. It does make use of fopen, memcpy, strlen, random, and malloc. This is both within the context of the upstream SQLite source code as well as within our library extensions. The use of the random function is limited to the SQLite random() function; it is not used by SQLCipher for any cryptographic purposes. To the best of our knowledge, the use of these functions is consistent with good practices.