
Initialization vectors should be randomly generated for proper security guarantees. #76

@naskovai


As part of some research about the common crypto mistakes that developers make, I noticed that your application has one of them.

In EncryptionUtil.getCipher you're initializing a Cipher instance with a static IV which is insecure.

One possible solution would be to generate the initialization vector using SecureRandom:

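```java
import java.security.SecureRandom;
// Generate a fresh random 16-byte IV for each encryption
byte[] iv = new byte[16];
new SecureRandom().nextBytes(iv);
```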
