Friday, February 20, 2009

Porting J2ME Applications to Android

When the new Google Android platform was introduced, there were initially a small number applications available, so Google spent $10 million to attract developers to their Android Developer Challenge before the T-Mobile G1 phone was released.  The existing Java ME community quickly realized that there was a huge opportunity if there can be tools developed that allowed the existing Java ME applications to be run on the Android platform.  

There are 2 tools that may be somewhat useful for allowing Java ME applications to run on Android:
  1. MicroEmulator is a pure Java implementation of Java ME in J2SE.  The advantage is that it is an open source project and is licensed under LPGL so that it is possible to distribute commercial software with its libraries.  See MicroEmu: Running Java ME applications on Android for further details.  
  2. Netmite has developed an application, J2ME MIDP Runner to allow running Java ME applications on Android without significant source code changes that is readily available to download from the Android Market
MicroEmulator supports the following features :  
  • MIDP 2.0 (TextField UI - not yet implemented)
  • Skinnable and configurable interface
  • Generic Connection Framework
  • JSR 135 (Mobile Multimedia API); JSR 75 (File Connection API)
  • JSR-179 (Location APIs) targeted to be available as a commercial extension
  • JSR-184 (3D graphics) on top of Android OpenGL ES targeted to be available in the future as a commercial extension
Bookmark and Share

Friday, February 13, 2009

Android Vulnerability: Is the phone Web Browser really dangerous ?

Sarah Perez writes 
"Android Vulnerability So Dangerous, Owners Warned Not To Use Phone's Web Browser". According to Washington DC Security researcher, a new vulnerability in Google's mobile OS Android allows hackers to remotely take control of the phone's web browser and related processes. 

But, wait let's take a closer look at how an Android phone can be compromised.  If an Android user does not utilize the media server functionality when using its web browser, can he still be at risk?  According to Rich Cannings, Android Security Engineer, the Android mediaserver uses OpenCore and works within its own application sandbox so that security issues in the mediaserver would not affect other applications on the phone such as email, the browser, SMS and the dialer.  He further notes that the Android vulnerability is limited to the mediaserver and could only exploit actions the mediaserver performs such as listen to and alter some audio and visual media.

"Both vulnerabilities could have been prevented if Android had the ability to block malicious code from executing in memory."  One of the ways, this can be prevented is by the use of a class file verifier similar to the J2ME verifier, which could ensure that the Android bytecodes (.dex files) do not contain illegal instructions, cannot be executed in an illegal order and do not contain references to invalid memory locations, etc.

Bookmark and Share