From the mail bag: Is Android affected by the recent Java security issues?

Russ8611 writes, 

Hello Androidcentral! I was just curious if any of you guys feel like reporting on the Java vulnerability and let us know how it affects Android as a platform. I know most people say they don't need Java on their computers, but isn't Java needed by Android, especially by developers? Thanks!!!

That's a nasty mess, isn't it?

Java means a few different things, depending on how you're talking about it. The Java that's in the news with a heck of an exploit floating around is the Java that you install to your computer as an application  platform. Almost every desktop operating system can run programs built for Java, because Java is a platform that runs inside and on top of your operating system. It sounds a bit confusing, but think of it as a virtual machine that can run code built and compiled a certain way. There's more to the Java platform than the virtual machine, but most people will never need any of it and have no idea that it's even installed.

We install Java on our computers so we can run programs. Some of those programs can originate on the web. Remember, this isn't JavaScript that runs inside the browser, this is code that will start up that virtual machine we talked about earlier. That's where things got sticky over the weekend. The component that runs as a browser plugin was exploited. Since Java is cross-platform, that means Windows, OSX, and Linux distributions could be affected.

But not Android. It's immune to the recent security issues.

Android doesn't use Java in the browser, and the Java-esque software in the OS is different and not affected.  Thankfully, our Android devices are immune. But you bring up a good point about developers. To use most of the Android development tools or to build Android from source, you need the entire Java platform installed on your computer. Most people will be using Oracle's Java, which means most people developing for Android were vulnerable.

I say were vulnerable, because Oracle has patched the exploit as of late Sunday evening. Remember, we don't have to do anything for our Android devices, but anyone using Java should head over to Oracle's Java site and get the updated version. For more information be sure to read Oracle's security alert about the exploit and patch.

Have a question you need answered? (Preferably about Android, but we're flexible.) Hit up our Contact Page to get in touch!

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.