Both environment variables and system properties provide user-defined mappings between keys and their corresponding values and can be used to communicate those values from the environment to a process. According to the Java API [API 2006] java.lang.System class documentation:
...
The default values of system properties are set by the Java Virtual Machine (JVM) upon startup and can be considered trusted. However, they may be overridden by properties from untrusted sources, such as a configuration file. System properties from untrusted sources must be sanitized and validated before use.
The Java Tutorial [Campione 1996] states:
To maximize portability, never refer to an environment variable when the same value is available in a system property. For example, if the operating system provides a user name, it will always be available in the system property
user.name.
...
First, this is a portability issue. The Java Tutorial Campione 1996 further suggests:
The way environment variables are used also varies. For example, Windows provides the user name in an environment variable called
USERNAME, while UNIX implementations might provide the user name inUSER,LOGNAME, or both.
...
On Android, the environment variable user.name is not used and is left blank. However, environment variables exist and are used on Android so the rule is applicable.
Bibliography
...