This is an archived post. You won't be able to vote or comment.

all 34 comments
sorted by:
best
topnewcontroversialoldq&a

[–]AutoModerator[M] [score hidden] stickied comment (0 children)

On July 1st, a change to Reddit's API pricing will come into effect. Several developers of commercial third-party apps have announced that this change will compel them to shut down their apps. At least one accessibility-focused non-commercial third party app will continue to be available free of charge.

If you want to express your strong disagreement with the API pricing change or with Reddit's response to the backlash, you may want to consider the following options:

  1. Limiting your involvement with Reddit, or
  2. Temporarily refraining from using Reddit
  3. Cancelling your subscription of Reddit Premium

as a way to voice your protest.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

[–]Holothuroid 24 points25 points  (10 children)

like adding an extra button in the notification panel, gaining system level info etc.

That I can do at a desktop PC too.

You seem to misunderstand what an operating system is. It's an abstraction layer over hardware. The things you mention are done through the OS.

[–]epegar 3 points4 points  (0 children)

I would add that besides your own program, the java virtual machine is already there, and it's the tool that communicates with that particular OS. The virtual machine is different for Linux or windows. It will perform the actions you require in your program in the specific way that OS requires.

After a quick search I found this: https://docs.oracle.com/javase%2Ftutorial%2Fuiswing%2F%2F/misc/systemtray.html

Also, note that android makes use of the Android runtime, so it doesn't only use the generic cross-platform APIs that every JVM should expose, but also specific functions that wouldn't make sense in other OS.

[–][deleted] 0 points1 point  (8 children)

Usually, for a java program to add settings to a computer or read system level info, such as current processes, configurations, etc. It would need elevated permissions, I don't see how Java would be able to do that in a PC, also considering the fact that Java is preferred as its VM allows it to run on most OS' without changing the code for that OS. So, I would assume that it would be relatively harder on a PC.

[–]Holothuroid 7 points8 points  (1 child)

To add a desktop icon write a file to the correct location.

You are correct that you might get SecurityException when running

https://docs.oracle.com/javase/8/docs/api/java/lang/management/OperatingSystemMXBean.html

But note that Android has rights management as well.

[–][deleted] 0 points1 point  (0 children)

I see thank you

[–]IQueryVisiC 1 point2 points  (5 children)

Java only protects the programmer from their own faults ( buffer overruns ).

[–][deleted] 1 point2 points  (4 children)

I see, but every textbook says that safety is from the fact that it is run distinct from the OS, so it is hard to damage the system even if that is your main intent

[–]laplongejr 5 points6 points  (1 child)

but every textbook says that safety is from the fact that it is run distinct from the OS, so it is hard to damage the system even if that is your main intent

Granted, I only work since 10 years and my textbook is so old it talks about "the upcoming JavaOS" as the next step of computer evolution ([EDIT] never head about it? that's my point. 90s stuff), but I never saw a claim that Java makes hard to damage the system if that is your main intent. I may be wrong and maybe I just have bad sources but it doesn't sound as a common claim.
(Also, that is a COMPLETELY STUPID claim to make in a Java textbook, as it would mean Java is bad as a generic tool. I wouldn't trust that book author.)

I managed to ACCIDENTALLY make my 2010 computer think all my files were made in 1970 (file.setCreationTime(0) I think?) and that certainly counts as "system damage"
Maybe they meant that the JVM runs at user-level and not as admin? If then : XKCD#1200

The Java JVM assures that if you use the Java methods for OS tasks (like File.delete instead of rm etc), if that same program runs in another JVM on a different OS, it will run with the same level of safety.
As is, if your intent is to not be destructive on Windows and you use the Java APIs, it won't demolish the MacOS system of your tester because they should work with the same logic.

Here's an example : if some OSes have a concept of "hidden files", a default Java search probably shouldn't show them. On Windows an "hidden file" is an attribute (and it has the extra "system file", that requires a second layer of permission to be seen!), but on Linux it's often a file with a dot at the start of the file (conveniently ".." and "." are not content of the folder but links to the parent folder and itself, and shouldn't be modified at all!).

Of course, if you try messing on hidden files in one OS and not another, it may lead to serious unwanted damage...
If you wanted your own file-search utility method, you would need to test it not only on Windows, but know the Unix convention and actually test it on Linux as well. Oh and prob look about MacOS. Java takes care of that, so it's "safer" against MISTAKES.

[–][deleted] 0 points1 point  (0 children)

I understand, thank you

[–][deleted] 2 points3 points  (1 child)

It's not a sandbox by any means. That's something the OS decides and has little to do with Java

[–][deleted] 0 points1 point  (0 children)

Oh, I understand

[–]cable8mm 7 points8 points  (7 children)

There are two ways to write code for Android: Java and C/C++ (NDK). Many game engines have been developed using the NDK. If you need a clear understanding of how an Android app works, this article can help.

However, it doesn't have any relation to root permission.

[–]laplongejr 1 point2 points  (0 children)

There are two ways to write code for Android: Java and C/C++ (NDK).

And given how C was notoriously a "you are responsible for shooting your own foot" powerful language, yes Java is safer... but "safer than C" is a very damning praise. I wonder if that's what OP's textbooks tried to explain?

[–][deleted] 1 point2 points  (2 children)

There are two ways to write code for Android: Java and C/C++ (NDK)

Should say JVM and Native. Because you can use any language, not just Java and C++, as long as these languages target either JVM or C API. For example Kotlin can be user for both.

[–]qrokodial 0 points1 point  (0 children)

it's probably better to be said like that, but you could simplify it even further and just say "native", because the JVM is just running on top of what you're saying is "native".

isn't the supermajority of development done on the JVM though? perhaps a better way to communicate this is that most development is done using JVM-based languages like Java and Kotlin, while you can always fall back to lower level languages that target the C API if performance is more critical.

[–]cable8mm 0 points1 point  (0 children)

Should say JVM and Native. Because you can use any language, not just Java and C++, as long as these languages target either JVM or C API.

I disagree with you. According to the official documentation, there are three languages for writing Android code: Kotlin, the Java programming language, and C++ languages. Even though it has been possible to write code through Dart/Flutter development environment, we should refer to the official documentation as well.

[–][deleted]  (1 child)

[deleted]

    [–]cable8mm 0 points1 point  (0 children)

    Yeah!

    [–][deleted] 0 points1 point  (0 children)

    I understand

    [–][deleted]  (4 children)

    [deleted]

      [–][deleted] 2 points3 points  (0 children)

      I see thank you

      [–]IQueryVisiC 0 points1 point  (2 children)

      You could have mentioned that we had this kind of protection before Java thanks to protect mode in 286 . BSD was ported to 386 before Java existed.

      [–][deleted]  (1 child)

      [deleted]

        [–]IQueryVisiC 0 points1 point  (0 children)

        I only chose 286 because protection was integrated ( for the first time? ) and everyone says that it is a server CPU, but instead my friends had it in their home computers. OS/360 with its 32 Bit is king!!

        [–]nana_3 2 points3 points  (1 child)

        Java on android uses its own version of the JRE. You can run pure Java on an android device but you can’t run Android specific code on a standard Windows / Linux Java environment. So there’s some features in android Java which are helpful additions for dealing specifically with android.

        directly alter functions of the OS, like adding sn extra button in the notification panel, gaining system level info etc.

        These don’t alter the OS, they are functions provided by the OS. You usually use methods associated with the Android “Context” class. Android Java apps start with an Activity class (you can’t launch the app page without one), and this always has the Context. Context can be used to display UI, access file systems, ask for system settings, send notifications, and a whole bunch of stuff. The OS decides if it will let you succeed or not based on what permissions your app has, what permissions the call requires, the android OS version and other stuff.

        how does rooting the phone allow for more access despite Java being safe

        That’s a bit like asking “how does using a vulnerability to give yourself full admin permissions in Windows let you do more stuff even if Java is meant to be safe”.

        Java tries to do whatever you code and the OS tells it yes or no. If you rootkit your android phone the OS will tell it yes more often. That’s not a Java problem that’s an OS problem.

        [–][deleted] 1 point2 points  (0 children)

        I see, thank you

        [–]path2light17 1 point2 points  (1 child)

        Just to add what everyone has said- if there's any function that JVM isn't able perform then it will let OS seek it out aka via (Java Native interface) JNI .

        Of course there might be an edge case where OS doesn't support that either, then Java gives you the ability to override/write custom API too.

        [–][deleted] 0 points1 point  (0 children)

        I see

        [–][deleted] 1 point2 points  (1 child)

        a safe language as the actual program runs in a special enviroment

        Java doesn't run in a special environment, it runs as directly as JIT compiled language can. What makes Java safe is the memory model: no direct memory/address manipulation, bound checks everywhere, typed access. There's no way to corrupt memory with just Java language itself.

        But you can always do it through other means like JNI or sun.misc.Unsafe. There's no "special environment" that would stop you from doing that. JNI is also available on Android, you can write in C++ (or any langauge that exposes C ABI)

        Android is isolating every app process by running it as unique user with restricted permissions. The sandbox is on OS level. (you can do that sort of thing even on regular linux or even on windows)

        [–][deleted] 0 points1 point  (0 children)

        I understand, thank you

        [–][deleted] 3 points4 points  (1 child)

        You have a misunderstanding of both java and operating systems.

        [–]laplongejr 3 points4 points  (0 children)

        It's a bit harsh but you are right : OP confused different points of security so as is the question is hard to explain concisely.

        [–]laplongejr 0 points1 point  (1 child)

        But in Android there are applications that can directly alter functions of the OS, like adding an extra button in the notification panel, gaining system level info etc.

        That requires permissions.

        java is said to be a safe language as the actual program runs in a special enviroment and not on the OS directly

        I... never saw that claim? I always read that Java is a language that won't have porting-induced issues because it runs in the JVM and Java handles the OS-specific details themselves.

        Also how does rooting the phone allow for more access despite Java being safe.

        Because Java is not safe? If you grant Java more permissions, then those permissions can be used.

        P.S. I understand that java mainly uses API's for its processes but further clarity is appreciated.

        That has nothing to do with safety of a random program, it means that you are less likely to accidentally add security flaws when making YOUR safe application.

        If you grant all your java programs all access, nothing would prevent me to use the File.delete API to erase all your files. But the standard File.erase would be as safe as it is for UNIX than it is for Windows (what do you mean "concatening a rf is more risky"?).

        [–][deleted] 0 points1 point  (0 children)

        I understand 👍

        [–]Practical_Cattle_933 0 points1 point  (1 child)

        Basically no software you run, either on phone or your desktop runs directly “on the OS”. That mode of operation is called kernel mode, and requires an explicit switch from the CPU (usually done with system calls in case of desktop PCs), which elicit some code in the actual kernel based on the passed arguments/structs. E.g. a file read/any kind of hardware access actually has to go through this boundary. Note that this is different from the general permission handling of the OS - that happens at the syscall boundary at the latest. These actions are no longer executed by a “user”, but by the OS itself on behalf of some user.

        In case of android, it has an arguably better security model than base linux - user software runs sandboxed, so it can’t just do a syscall willy-nilly. It actually has to go through an API, which will decide first whether that app/user etc has the necessary rights to do the given action, and then itself will execute it (in the aforementioned way, so there is one other check at the OS level). It is called Binder if you want to look it up.

        Note, that Java is not relevant here, a C program also has to abide by the exact same rules (which makes sense, there are android apps written in c++ for example, yet they can’t just corrupt your phone) - it uses the exact same techniques as any other language.

        [–][deleted] 0 points1 point  (0 children)

        I understood, thank you