Laptops, pagers, and cell phones are everywhere, and the variety is endless. The industry’s need for these devices to be able to run and perform almost any task that used to be done on desktops requires a standard and easy way to develop applications. The solution must follow a variety of platforms and take into account many limitations, such as limited memory, small screen sizes, alternative input methods, and slow processors that come with the small footprint.
Recognizing that “one size does not fit all”, Sun grouped its Java technologies into three editions, each aimed at a specific market segment:
o J2EE – Aimed at heavy server systems.
o J2SE: Targeted at standard desktop and workstation applications
And Java 2 Platform Micro Edition (J2ME): Targeted at small, memory-constrained devices and standardizes the use of Java technology in wireless devices. The J2ME architecture had to be modular and scalable due to the diversity of target devices. To achieve this, J2ME provides a range of virtual machines, each optimized for different types of processors and memory footprints.
J2ME benefits include increased application security and consistency across platforms and devices, superior graphical user interfaces, the ability to work offline without wireless coverage, peer-to-peer networking, and no license fees required for SDK, which means that anyone can build an app and market it.
J2ME vs. WAP
J2ME applications have much more to offer than those built under the Wireless Application Protocol (WAP), in terms of features and security. While WAP is a thin client development protocol, J2ME is a development platform specifically for intelligent applications. J2ME applications offer the following security advantages over WAP applications:
o Without a WAP gateway in the middle, intelligent applications can provide scalable end-to-end security from the back-end to the wireless devices. This will be especially important as the back-end evolves towards a message-driven web services framework.
o Smart applications can store and process data locally, reducing network traffic. This not only conserves precious wireless bandwidth and reduces latency, but also reduces the likelihood that critical information will be intercepted or disrupted (for example, by denial of service attacks).
o Smart apps use the device’s processing power efficiently. Instead of encrypting everything with the same key strength regardless of need, wealthy customers can set a comprehensive differentiating content-based security policy.
J2ME vs. native platforms
Compared to native platforms, the main strength of the Java platform is that it allows us to write portable applications. The portability of the Java platform derives from its execution model. Specifically, it derives from using the JVM to process Java bytecode into machine code at runtime, providing a compatibility layer on top of the hardware. The Java platform execution model also introduces some important security benefits that are missing from native device applications. These benefits are the following:
o The JVM checks all classes in the classloaders and ensures that applications do not perform dangerous operations. Because runtime class verification is computationally expensive for MIDP virtual machines, MIDP has a special two-step bytecode verification scheme. We will address this scheme in a later section.
o The JVM has a monitoring mechanism to protect application errors at runtime. A good example is the garbage collector. The JVM can clean up lots of application memory automatically at runtime. This helps prevent memory leaks, which are the main cause of crashes between native apps.
o The JVM can provide a security manager or sandbox for applications. Viruses and other hostile code accidentally downloaded from the Web can present serious security risks. On the Java platform, entire applications (that is, JAR files) can be digitally signed. The JVM security manager grants the signed application privileges to access specific APIs (domains) based on the signer’s trust level. We’ll discuss domain-based mobile code security in more detail in a later section.
The intelligent usability-focused design and built-in execution model of the Java platform give J2ME applications significant performance and security advantages over native and WAP applications.