How do the recent java vulnerabilities affect Android and programming?

Question

Are the recent vulnerabilities to Java also a threat to Android systems which are primarily programmed in Java? I've already disabled and uninstalled Java from my computer as many people are recommending to protect from these exploits. Should I also be concerned about my Android device? Lastly, does this affect programming in Java and/ or for Android devices?

Thanks

Answer 1

I don't know much about the details of this particular vulnerability but it's worth noting that Android doesn't use Oracle's JVM, it uses Dalvik, which is a very different VM with a different architecture. It can't even run standard Java bytecode without it being converted first.

Given the differences between the VMs and the fact that there shouldn't be any common code, an exploit for one is highly unlikely to be valid for the other.

Answer 2

Considering Android runs on a version of Java made by Google, it depends on what the vulnerabilities are. I'm inclined to say there is no effect as the hoopla seems to be surrounding desktop versions and the way it interact with the file system.

Answer 3

They don't.

The recent Java vulnerabilities only cover scenarios where you run Java in an applet context and only concern Oracle's JVM. The context of an applet is restricted and has certain privileges, and these recent vulnerabilities circumvent these privileges to gain higher ones, namely, the full privileges of the user running your browser, instead of the privileges granted by the plugin's security context.

In Android, the JVM already has access to everything the running user has access to (and the same goes for application servers, save for a more restricted policy), so you don't have to worry about it.