Current javadoc for java.security.SecureRandom class states that when new SecureRandom() is called, it'll:
-------------------
Constructs a secure random number generator (RNG) implementing the default random number algorithm.

This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports a SecureRandom (RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned. 
-------------------
However, it didn't state what happens when a provider supports multiple algorithms of RNG, which one would be used. 

Among default JDK providers, SUN provider is the only one which supports multiple SecureRandom algorithms. Prior to JDK-7092821, the SUN provider returns SecureRandom services in certain ordering. However, this "ordering" approach maybe fragile and obscure. We should consider a public mechanism such as a "SecureRandom.DEFAULT" alias or maybe attributes so java.security.SecureRandom class can quickly locate the default RNG impl as it iterate through providers.

Without this public mechanism, SecureRandom class iterates
through providers, retrieve all its supported services and use the first SecureRandom service it finds except for SUN provider whose default is indicated by SunEntries.DEF_SECURE_RANDOM_ALGO (see https://bugs.openjdk.java.net/browse/JDK-8228613).