It seems that’s a common question these days. A lot of us use Android systems and some of us have heard that Android is programmed in Java. So, are the Java security issues we read about in the news an issue for our Android devices and should we be concerned?
The answer is, “No. Don’t worry” – at least about these issues.
First, while Android devices are programmed in Java, they do not use the Oracle (formerly Sun) Java interpreter called the Java Virtual Machine or JVM. They don’t even use code derived from that. They use something called Dalvik. It is a specialized virtual machine whose fundamental structure is quite different from the JVM.
So what’s a virtual machine (VM) and how can Java run on different ones? First let’s look at the words virtual and machine: “virtual” means something like “pretend” and “machine” is sort of slang for “computer” so the JVM is a “pretend computer” that has instructions (“machine code”) just like a physical CPU does. It’s really just a program. The instructions are different from a traditional CPU but one could build a physical CPU to run the JVM instructions.
The way a VM works is that it reads one or more bytes (called a “bytecode”) from memory and does something, such as add two numbers, based on what it read. VM’s have been around a long time. The Pascal language was translated into bytecode and the FORTH language was a direct expression of the bytecode – each statement in the language corresponded to an instruction byte. The Davlik is another bytecode interpreter with different instructions. A language can generally be compiled or translated to run on multiple architectures. The C language, for instance, runs on almost all hardware platforms including ARM, intel x86, Motorola and other types of processors. C and other languages can even compile to Java bytecode. Likewise, Java source code can be compiled for the JVM or for Dalvik.
These new Java exploits won’t be an issue for those of you who took my advice (and the advice of others) to disable Java in your browsers. It’s not an issue for Android users either. Android is not a security panacea and may have other issues including malware, of course. For more on Android security, check out Learning Tree Course #2781, Mobile Application and Device Security.
Did you disable Java? Have you been hit by any of the Java bugs? Let us know in the comments below.