Hello Androidcentral! I was just curious if any of you guys feel like reporting on the Java vulnerability and let us know how it affects Android as a platform. I know most people say they don't need Java on their computers, but isn't Java needed by Android, especially by developers? Thanks!!!
That's a nasty mess, isn't it?
Java means a few different things, depending on how you're talking about it. The Java that's in the news with a heck of an exploit floating around is the Java that you install to your computer as an application platform. Almost every desktop operating system can run programs built for Java, because Java is a platform that runs inside and on top of your operating system. It sounds a bit confusing, but think of it as a virtual machine that can run code built and compiled a certain way. There's more to the Java platform than the virtual machine, but most people will never need any of it and have no idea that it's even installed.
But not Android. It's immune to the recent security issues.
Android doesn't use Java in the browser, and the Java-esque software in the OS is different and not affected. Thankfully, our Android devices are immune. But you bring up a good point about developers. To use most of the Android development tools or to build Android from source, you need the entire Java platform installed on your computer. Most people will be using Oracle's Java, which means most people developing for Android were vulnerable.
I say were vulnerable, because Oracle has patched the exploit as of late Sunday evening. Remember, we don't have to do anything for our Android devices, but anyone using Java should head over to Oracle's Java site and get the updated version. For more information be sure to read Oracle's security alert about the exploit and patch.
Have a question you need answered? (Preferably about Android, but we're flexible.) Hit up our Contact Page to get in touch!