Last year, Google made Rust the default code for new code in the Android Open Source Project (AOSP), a move that appears to be paying off as Google says memory security vulnerabilities in Android have been reduced by more than half.
Image source Pexels
Google says that “the number of memory security vulnerabilities has dropped significantly over the last few years/versions”. Specifically, the number of memory security vulnerabilities has dropped from 223 to 85 per year between 2019 and 2022. Memory security vulnerabilities are now 35% of the total vulnerabilities in Android, compared to 76% four years ago. In fact, “2022 is the first year in which memory security vulnerabilities do not make up the majority of Android vulnerabilities.”
Android 13 is the first version of Android to include mostly new code in a memory-safe language, with the Rust language accounting for 21% of all new native code in this version, including the Ultra Wide Band (UWB) stack, DNS-over-HTTP3, Keystore2, Android’s Virtualization Framework (AVF), and “various other components and their open-source dependencies”.
In addition to Rust, Google’s other memory-safe languages for Android include Java and Kotlin, which is compatible with Java. C and C++ are still the dominant languages in AOSP, but Android 13 is the first version where most of the new code comes from memory-safe languages.
Android security software engineer Jeffrey Vander Stoep pointed out that the Android team plans to increase the use of Rust, although there are no plans to completely abandon C and C++ in system programming. “Rust isn’t the answer to everything, and there are areas where C/C++ will continue to be the most practical development choice, at least for a while,” he noted in a tweet. Reduce this over time while continuing to scale our Rust usage and continue investing in and deploying improvements to C/C++.”
Vander Stoep pointed out that correlation does not equate to causation, but the percentage of memory safety vulnerabilities does correlate closely with the language used by the new code.
He went on to point out that in Android 13, there are a total of 1.5 million lines of Rust code, accounting for about 21% of all new code. So far, Google hasn’t found any memory safety flaws in Android’s Rust code. Vander Stoep noted, “This shows that Rust is fulfilling its intended purpose of preventing Android’s most common vulnerabilities. In many C/C++ components of Android (such as media, Bluetooth, NFC, etc.), the historical vulnerability density is greater than 1/ kLOC (one vulnerability per thousand lines of code). Based on this historical vulnerability density, using Rust has likely prevented hundreds of vulnerabilities.”
Google sees moving away from C/C++ as a challenge but is moving forward with the project for Android. However, it does not use the Rust language on Chrome.
It is reported that Rust is a system programming language that focuses on security, especially concurrency security, and supports multi-paradigm languages such as functional, imperative, and generic programming paradigms. Rust is syntactically similar to C++, but the designers wanted to provide better memory safety while maintaining performance.
