The assumption that you control all of the code is a dangerous one. For example, if you support web browsing on the device the VM is most likely accessible by Java apps downloaded from websites (one of the more common attack vectors). There is also the possibility of 'drive-by' attacks where, for example, Java code could be introduced into a system through buffer overflows or other cracks in the system. A completely closed off deep embedded system is probably safe, but the more interfaces you have in the system the more potential vulnerabilities there are.
I did a post of the Java VM to pSos, back when this was a viable option for embedded systems. This VM could act as a standalone multitasking kernel without too much effort, and it can also work under an operating system. The Dalvik VM performs much the same under Android, providing a virtualized sandbox within which apps can run without providing too much access to system resources.
My biggest concern to using Java in embedded systems is their security record of late. Most of the latest round of viruses in the PC world have gained entry through holes in the Java sandbox that provide access to the underlying resources. They have patched many of these holes in the full PC environment, but I have to wonder how secure the VM is on the lower end. This concern is fed by my memories of the Java VM that I ported - That was some of the ugliest code that I have seen.
I've not used JavaME, but it seems from this page (link below) that it requires a device to have its own operating system, and JavaME runs on top of that. e.g. on Raspberry Pi it runs on Linux, and on Keil it runs on RTX OS
I feel I've been missing something for sometime now. I have always thought about Java as only a programming language and from Android I think of it as an OS. But just now I realize that the Dalvik Virtual Machine that Android uses for executing it's Java code doesn't execute the Java code coming from Java SE (from Oracle).
However, Java all it needs to run is a Virtual Machine right? So if someone makes a VM for Java on Android, then Java would be running on Android right?
And then... saying that Java will substitute Android on mobile phones... isn't it like saying C language will substitute Linux? Please correct me if I'm wrong.
How can Java substitute an Operating system? how can a programming language by itself take care of all Input output operations and all that an OS takes care of?
It's funny how writing about this allows me to reconsider. I see that the real OS in Android is the Linux Kernel. And then The Dalvik VM sits on top. Then, this is what they mean when Java is to compete against Android. But... anyway, Android is a long way ahead now. It's better if Oracle puts more effort on markets where Android isn't that strong.
IMHO Java got its butt kicked in mobile and some parts of embedded by Android which uses a VM incompatible with it. That's in part why Oracle unsuccessfully (so far) sued Google.
That said Java still has a role in servers and may have one in IoT where Android can't follow unless Google does an Android Lite....hmmm, there's something I can adsk Mr Android about at the Weds. press meeting!
Dylan: Given the extraordinarily high rate of adoption of Android phones and tablets, I have to think it's wishful thinking at Oracle to start talking about Adroid fatigue. He was just talking about developers -- and there are a LOT of Adroid app-builders out there. But I think we're a long, long way from seeing people switch to Java.
I have heard from several people that increase proliferation of Java is one of the things that could bring some of the Internet of Things visions out there to reality. It's interesting that Utzschneider says there is a lot of "Android fatigue." Is that true or just marketing hype?