Never use RAND()
There is a long history of bad random number generators in operating systems. At Bell Labs, Jim Reeds and I implemented a series of statistical randomness tests (Knuth's plus others) to explore this problem. BSD 4.something was out then, and my lab was using it. The random generator was a linear feedback type, and it failed the tests badly. Jim and I discovered that there was an off-by-one mistake in the position of the feedback tap, but when we contacted the student at UCB who wrote it, he told us to fuck off. Even today, you can find both the fixed and the broken version of this generator in UNIX distributions. Of course the random generator in windows was always terrible (16 bits, like this apple subroutine).
A very good generator is Marsaglia's multiply-with-carry. Fast, simple, and it passes every test I've ever tried.
unsigned ML_nMarsagliaX = 886459;
unsigned ML_nMarsagliaC = 361290869;
unsigned
ML_RandomUnsigned()
{
unsigned __int64 n;
n = __emulu(1965537969, ML_nMarsagliaX);
n = n + ML_nMarsagliaC;
ML_nMarsagliaX = unsigned(n & 0xFFFFFFFF);
ML_nMarsagliaC = unsigned(n >> 32);
return ML_nMarsagliaX;
}
These are not cryptographically strong generators, and I'm not sure what iOS is doing with them. They are appropriate for things like monte carlo calculations and simulations, but not for cryptography.