One of the great things about Android using Java as the core programming language is that it includes the Java Cryptographic Extensions (JCE). JCE is a well-established, tested set of security APIs. Android uses Bouncy Castle as the open source implementation of those APIs. However, the Bouncy Castle version varies between Android versions; and only the newer versions of Android get the latest fixes. That's not all in an effort to reduce the size of Bouncy Castle; Android customizes the Bouncy Castle libraries and removes some of the services and APIs. For example, if you intend on using Elliptic Curve Cryptography (ECC ), you will see provider errors when running it on Android versions below 4.0. Also, although Bouncy ...