This has nothing to do with Android vs iOS, it's affecting the *server*.

Explain that to the couple of iOS users in this thread saying “imagine what Android must be going through!” Also, this only affects iOS because RCE on iCloud practically means full access to device activity on iOS. Google servers are not vulnerable to this, so Android is safe.

Java and Kotlin are the primary languages used to develop on Android. Those apps can and do use Log4J for local logging. So unless the OS blocks outgoing JNDI requests, Android IS affected.

Luckily, Android has its own logging framework, so hopefully the number of apps opting to use Log4J instead is small. But gauging from the "how do I configure Log4J for Android?" threads on StackOverflow it is non-zero.

You still don’t get the impact of this RCE. It’s not about android or iOS. It’s about what in your whole platform stack runs on the JVM. From the mobile till the last fricken service in your whole pipeline. People atm just playing around, trying to find unsanitized inputs.