We use this library in our android app. A Veracode Vulnerability scan reported the below issue in this library.

http://cwe.mitre.org/data/definitions/780.html
CWE-780: Use of RSA Algorithm without OAEP

The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.

File - AbstractRSA.java

private Cipher getCipher() {
try {
return Cipher.getInstance("RSA/ECB/PKCS1Padding");
} catch (Exception e) {
return null;
}
}

I ran into this issue as well. I made a fix that updates to OAEPPadding:
14ca6a5, but the caveat is that this will cause problems for Android < 23 as per https://developer.android.com/training/articles/keystore#SupportedCiphers. Some work is needed to make sure it keeps working on those lower APIs, but then again, it will probably still trigger the Vulnerability scan if you would do that.