Replace MD5 hash function with a non-broken one in Checksum.java

[kypeli]

MD5 is considered a broken cryptographic hash function. Please use some other hash function instead, like SHA-1 or SHA-2.

MD5 is used in this file https://github.com/matomo-org/matomo-sdk-android/blob/master/tracker/src/main/java/org/matomo/sdk/tools/Checksum.java

[d4rken]

The SDK does not use the checksum to secure any secrets.
It's purely an identifier for for the APK file.
For this use-case it only matters that it is fast, and collisions are reasonably rare, while old, MD5 still fulfills that 🍻.

I don't see any benefit in changing it, it would also break the existing statistics data for everyone that updates.
I'd argue that this is working as intended.
Thoughts @hannesa2 ?

[hannesa2]

It's purely an identifier for for the APK file.

As long as it's not a real security issue, all is fine.
Sure, I would not say, it will never done.
I see this as an open source project, where everyone is warmly welcome to improve it with pull requests.