Apple + Software & Apps

Apple Drops Java in Latest OS X Security Release

Posted on October 23rd, 2012 by

Apple takes security very seriously, we all know that. Macs have long been advertised as being immune to viruses, immensely secure for browsing the web, and even resistant to attackers with direct access to the machine. While some of these claims have since been discredited, it certainly is true that Apple is very conscious of user security and data protection. We’ve seen Apple go even further in recent releases of File Vault (File Vault 2 was released with OS X 10.7 Lion, and enhanced security over the previous version, locking encryption to the Home Folder level) and other core aspects of both the Mac operating system and iOS (iOS 6 is the most secure release to date, and includes an almost hermetic level of protection against hackers). To that end, Apple has recently pulled Java from OS X in an effort to close some of the loopholes that potential attackers could use to compromise a Mac.

To truly understand Apple’s relationship with Java, and why this most recent action should come as no surprise, we must look at a brief history of OS X and Java and how they have grown together. Apple takes security so seriously, in fact, that for the last several years it maintained its own builds of Java which were deployed across the Mac platform. This means that Apple engineers had to constantly maintain the code of another company (Oracle) to keep a competitive level of parity with Windows and LInux platforms.

Almost to the day, two years ago, Apple announced that they would no longer be supporting Java on the Mac (following the release of Java SE 6 1.6.0_22), and since then, Java releases on the Mac have slightly lagged behind Oracle’s general releases. Oracle acquired Sun Microsystems in April 2009, and with it, gained the rights to Java, an immensely popular language that ran across almost every platform, and guaranteed that developers could write code once and deploy it across a variety of devices. When Apple released the iPhone in 2007, it shunned Java and made Cocoa Touch the only available method for deploying native apps to their platform.

Apple has moved away from Java gradually for a variety of reasons, but most recently, it has done so because *it can*. Having gained its critical mass of 15-20% market share in late 2009, Apple no longer needed to fight for the attention of developers, and could set more stringent requirements on apps (the latest edition of this walled garden showing up in the Mac App Store requirements on Sandboxing and API restrictions). Java has always been a bit of a back door for hackers and Apple is over it. Their message last week was loud and clear: if you want to be vulnerable, it’s your choice, but Apple will no longer support a language and platform that leaves their users at risk.

Apple’s messaging was quite terse. It seems they are driving the point home to Oracle, as they did with Adobe, that they have no interest in providing compatibility with other closed software systems simply because it’s expected of them, if those systems are not going to provide a compelling case for their users. Java’s time may be running out with the Mac community.

As with most things, you can always go download Java as a standalone product and continue to browse the web as you have always done, but if Apple was able to condemn Flash to the edges of the web in only a few short years, we may see a repeat performance with Java. Java developers take note: Android may soon be your last stronghold of relevance. Only time will tell.