2 min Devops

Google: ‘Rust reduces Android vulnerabilities’

Google: ‘Rust reduces Android vulnerabilities’

The use of ‘memory-safe’ programming language Rust reduces the number of vulnerabilities in Android, according to Google.

Android used to suffer many memory-related vulnerabilities, Google described in a recent blog post. Examples include excessive read, write and ‘use after free’. These flaws make up about 65 percent of all critical Chrome and Android bugs. If left unresolved, the bugs can significantly delay development processes.

Then there’s Rust

Google has been coding Android in Rust since 2019. According to the tech giant, the memory-safe nature of the programming language has lowered the number of memory-related vulnerabilities from 225 (76 percent of all vulnerabilities) to 85 (35 percent).

Rust became one of Android’s languages from Android 12 onward. As of Android 13, the majority of the operating system’s code is written in memory-safe languages such as Rust, Java and Kotlin.

Despite the rise of memory-safe languages, the tech giant continues to invest in tools for C and C++ code. Examples include the Scudo hardened allocator, HWASAN, GWP-ASAN and KFENCE on Android devices. Fuzzing techniques have become more prevalent as well.

Google isn’t the only tech giant to increasingly employ memory-safe programming languages. Meta, too, prefers Rust these days.

Tip: Rust 1.65 nears finishing line after six years of development