So... if I understand this correctly, the vulnerability is in the fact that since they mac-then-encrypt, the data must be decrypted before the HMAC can be validated. SO, in theory, it opens up the possibility of a side-channel attack, but I don't see how the encryption is actually "broken"
If you are doing biological simulations, I'm pretty sure you'd want to use an actual random source, rather than psuedo-random. You even state yourself, the result isn't what you would want. Leave PRNG to things like computer game AI and song playlist randomization.
but the era of SD supporting devices is fading away
No it isn't. Not at all. The latest gen phones not supporting an SD card is a stupid marketing trick to get you to purchase a phone with larger internal capacity. This says absolutely nothing about anything else. Sane portable devices will still use an expandable memory slot for a long long time to come.