2

I need to compile an app that will run on an Android, or Android compatible system (Android, Amazon Fire, or Blackberry).

The developer documentation says that JDK 7 is needed, however there are incremental U updates available from Sun

Does it matter, from a security perspective, which version of 7.x JDK was used to compile an application?

If it is an issue, how can I inspect an APK to determine what version it was compiled with?

makerofthings7
  • 50,090
  • 54
  • 250
  • 536
  • Probably a better question for StackOverflow. –  Aug 21 '15 at 21:52
  • I missed that part, my bad. –  Aug 21 '15 at 23:45
  • The Android SDK converts the Java byte code into a dedicated byte code for the Dalvik virtual machine. If there is any faulty byte code generated by the Sun or Oracle compiler the dex conversion step may already choke on it or fix it. If the security flaw is in the Java API itself then there is also nothing to worry about because Android has its own implementation of it. Ultimately you could switch to OpenJDK instead. – tiguchi Aug 22 '15 at 03:29
  • @NobuGames This could be a valuable answer, and not subject to deletion or non indexing as a comment. Why is OpenJDK better? How does it compare? Would there be support issues if I used it with Android? (or Xamarin for that matter?) – makerofthings7 Aug 22 '15 at 04:27
  • I had a related question in the back of my head where an Android developer was worrying about the end of life Oracle's Java 7 and fearing security issues. That's why I mentioned OpenJDK, because it looks like the "OpenJDK 7 Update" project still accepts fixes for critical security issues: https://wiki.openjdk.java.net/display/jdk7u/Main – tiguchi Aug 22 '15 at 16:57

0 Answers0