Mobile Java apps will generally run with a security manager engaged, which -amongst other things- will verify that the bytecode is valid. This is conceptually similar to the sandbox applets run in as part of a web browser. The app may request specific permissions from the user, but that does include running unverified bytecode.
Happiness is not a goal ... it's a by-product of a life well lived - Eleanor Roosevelt. Tiny ad: