High-severity Android flaws are on the decline, and it’s all thanks to Rust
The Rust programming language is the key to making the Android operating system safer, Google’s engineers have claimed.
In a blog post published by Android security engineer Jeffrey Vander Stoep, the Googler says the number of severe memory vulnerabilities has significantly dropped in the last three years and suggests it’s all thanks to the OS moving away from memory-unsafe programming languages, C and C++.
Three years ago, the majority (65%)of Android bugs were either high-severity or critical-severity memory safety bugs (think out-of-bounds read and write flaws, for example). Since then, Google has been steadily writing new Rust code and adding it to Android (as opposed to simply improving existing code). Now, the number of these flaws has dropped significantly, and they’re no longer the biggest issue plaguing the mobile OS.
Less severe vulnerabilities in a constant
“From 2019 to 2022 the annual number of memory safety vulnerabilities dropped from 223 down to 85,” Vander Stoep explains.
With Android 12 (released in early October 2021), the OS became a Rust-first product, he said. And while memory safety bugs have declined thanks to the use of the novel programming language, other forms of vulnerabilities have remained steady at roughly 20 new flaws discovered every month. However, these flaws are not as severe as memory safety bugs.
But this doesn’t mean Google is giving up on C and C++ completely. The company will continue to invest in tools to write safer C and C++ code, Vander Stoep said, mentioning the Scudo hardened allocator, HWASAN, GWP-ASAN, and KFENCE on Android(opens in new tab) devices. He also said Google increased its use of fuzzing.
So far, Rust has been pretty reliable, but Vander Stoep knows this might change in the future: To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code,” he concluded. “We don’t expect that number to stay zero forever, but given the volume of new Rust code across two Android releases, and the security-sensitive components where it’s being used, it’s a significant result.”