I don’t mean for this to be a big entry, but I just wanted to point something out. I was reading the interview with Charlie Miller (of, recently, iPhone SMS vulnerability fame) and he said something that I never really thought about until now:
“As an aside, Android implemented their SMS stack with Java. Therefore, it was not possible to corrupt memory, instead, we just got unhandled exceptions. So our attacks were limited to denial of service.”
Since all of Android’s applications are actually written in Java rather than Objective-C, this gives Android a bit more security when dealing with third-party code. Don’t get me wrong, as a developer I have to qualify that: though it is probably still possible, just harder to accomplish, there will probably be nothing as bad on Android phones as this iPhone SMS “threat” was. The best you can hope for is to crash Android’s JVM.
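The behaviour described above, as an added example that is not from the original post, the interview, or Android's code: a hypothetical length-prefixed message (not the real SMS format) whose length byte overstates the payload. In Java the out-of-range read raises an exception instead of touching adjacent memory, and the checked variant rejects the message so the exception does not become a crash.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class LengthPrefixedDemo {
    // Hypothetical format for illustration: byte 0 is the declared payload
    // length, the remaining bytes are the payload. Not the real SMS format.

    // Trusts the declared length, as a careless parser would.
    static byte[] parseUnchecked(byte[] msg) {
        int declared = msg[0] & 0xFF;
        byte[] out = new byte[declared];
        for (int i = 0; i < declared; i++) {
            // Every array access is bounds-checked by the runtime, so a
            // lying length throws here instead of reading past the buffer.
            out[i] = msg[1 + i];
        }
        return out;
    }

    // Validates the declared length against the data actually received.
    static byte[] parseChecked(byte[] msg) {
        if (msg == null || msg.length == 0) {
            throw new IllegalArgumentException("empty message");
        }
        int declared = msg[0] & 0xFF;
        if (declared > msg.length - 1) {
            throw new IllegalArgumentException("declared " + declared + " bytes, got " + (msg.length - 1));
        }
        return Arrays.copyOfRange(msg, 1, 1 + declared);
    }

    public static void main(String[] args) {
        byte[] wellFormed = {3, 'a', 'b', 'c'};            // constructed sample
        byte[] lyingLength = {(byte) 200, 'a', 'b', 'c'};  // constructed sample

        System.out.println(new String(parseChecked(wellFormed), StandardCharsets.US_ASCII));
        try {
            parseUnchecked(lyingLength);
        } catch (ArrayIndexOutOfBoundsException e) {
            // Left uncaught, this ends the handling thread: denial of service.
            System.out.println("unchecked parser threw: " + e);
        }
        try {
            parseChecked(lyingLength);
        } catch (IllegalArgumentException e) {
            // Malformed input is dropped and the service keeps running.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```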
If Apple is so anal about trying to protect AT&T’s cellular towers and thereby claiming jailbreaking an iPhone is bad, then why would they allow such a low-level language to be the language of choice for developing on the iPhone? This is what happens when a company wants to push their language into even more of the mainstream.