Google's Transition to Rust Reduces Android Memory Vulnerabilities by 52%
Google has disclosed that its shift to memory-safe languages such as Rust, part of its design-first approach, has resulted in a 52% decrease in the memory safety vulnerabilities found in Android over six years.
The company emphasized the importance of Safe Coding for new features: it not only lowers the overall security risk of a codebase but also makes the transition more scalable and cost-effective.
This decline in memory safety risk follows from writing less memory-unsafe code over time as memory-safe development takes precedence, according to Google's Jeff Vander Stoep and Alex Rebert, writing in a post shared with The Hacker News.
Notably, the number of memory safety vulnerabilities can fall even while the volume of new memory-unsafe code rises.
This apparent paradox is explained by the exponential decay of vulnerabilities: research indicates that a large proportion of vulnerabilities live in new or recently changed code.
Vander Stoep and Rebert highlighted, “The primary issue lies with recent code changes, prompting a paradigm shift in our code development approach. Code naturally matures and becomes more secure over time, resulting in diminishing returns on efforts like rewrites as code ages.”
Google, which officially announced support for the Rust programming language in Android in April 2021, said it began prioritizing memory-safe languages for new development around 2019.
That shift led to a considerable drop in the memory safety vulnerabilities found in the OS, from 223 in 2019 to fewer than 50 in 2024.
A significant part of the reduction is attributable to advances in countermeasures, which progressed from reactive patching to proactive detection and mitigation using tools such as Clang sanitizers.
Google said memory safety strategies need to evolve further toward “high-assurance prevention” by integrating secure-by-design principles that embed security at the core of the development process.
“By focusing on Safe Coding, we can make strong assertions about the code’s characteristics and its potential outcomes based on those characteristics, moving beyond mere interventions and historical performance as predictors of future security,” said Vander Stoep and Rebert.
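The “strong assertions about the code’s characteristics” that Safe Coding enables are illustrated by the following added example, which is not code from Google’s post or from Android. It parses a constructed length-prefixed record format in safe Rust: every slice is taken with `get`, so an input that lies about its length can only produce an `Err`, never a read past the end of the buffer. The record layout, error type and sample bytes are all assumptions made for this illustration.

```rust
// Added example, not code from Google's post: a length-prefixed record
// parser written in safe Rust. The record format and the sample bytes are
// constructed for this illustration.
//
// Layout of one record: [tag: u8][len: u16 big-endian][value: len bytes]

/// Error returned when the input ends before a header or value is complete.
#[derive(Debug, PartialEq, Eq)]
pub enum ParseError {
    /// `needed` bytes were required at `offset` but the buffer ended first.
    Truncated { offset: usize, needed: usize },
}

/// A parsed record borrowing its value from the input buffer.
#[derive(Debug, PartialEq, Eq)]
pub struct Record<'a> {
    pub tag: u8,
    pub value: &'a [u8],
}

/// Parse consecutive records until the buffer is exhausted.
///
/// Every slice is taken with `get`, which returns `None` instead of reading
/// out of bounds, so a wrong length in the input can only produce an `Err`,
/// never an over-read of adjacent memory.
pub fn parse_records(buf: &[u8]) -> Result<Vec<Record<'_>>, ParseError> {
    let mut records = Vec::new();
    let mut pos = 0usize;
    while pos < buf.len() {
        // Three-byte header: tag, then big-endian u16 length.
        let header = buf
            .get(pos..pos + 3)
            .ok_or(ParseError::Truncated { offset: pos, needed: 3 })?;
        let tag = header[0];
        let len = usize::from(u16::from_be_bytes([header[1], header[2]]));
        let start = pos + 3;
        // checked_add keeps the end offset from wrapping on pathological input.
        let end = start
            .checked_add(len)
            .ok_or(ParseError::Truncated { offset: start, needed: len })?;
        let value = buf
            .get(start..end)
            .ok_or(ParseError::Truncated { offset: start, needed: len })?;
        records.push(Record { tag, value });
        pos = end;
    }
    Ok(records)
}

/// Constructed sample: two well-formed records, the second with an empty value.
pub const SAMPLE_OK: &[u8] = &[0x01, 0x00, 0x02, 0xAA, 0xBB, 0x02, 0x00, 0x00];

/// Constructed sample: the header claims 5 value bytes but only 1 follows.
pub const SAMPLE_BAD_LEN: &[u8] = &[0x01, 0x00, 0x05, 0xAA];

fn main() {
    match parse_records(SAMPLE_OK) {
        Ok(records) => println!("parsed {} record(s): {:?}", records.len(), records),
        Err(e) => println!("error: {:?}", e),
    }
    // The malformed input is rejected rather than read past its end.
    println!("{:?}", parse_records(SAMPLE_BAD_LEN));
}
```

The point of the example is the guarantee, not the parser: because the function contains no `unsafe` block, the compiler and the standard library together ensure that the worst a malformed length can do is return `ParseError::Truncated`, which is a property a reviewer can assert about the code without measuring its past bug rate.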
Google is also focusing on interoperability between Rust, C++, and Kotlin rather than on rewriting existing code, taking a pragmatic, incremental approach to adopting memory-safe languages and eventually eliminating entire classes of vulnerabilities.
“Embracing Safe Coding in new developments initiates a change in perspective, enabling us to utilize the natural decrease in vulnerabilities to our benefit, even in large existing systems,” the researchers said.

“The concept is straightforward: by reducing the flow of new vulnerabilities, their count decreases exponentially, enhancing the security of all code, improving the efficacy of security design, and addressing the scalability challenges linked to existing memory safety strategies in a more targeted manner.”
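The exponential-decay argument made above, and the earlier observation that the count can fall even while more new code is written, can be made concrete with a small model. The following is an added example, not code or data from Google’s post: every parameter (initial bug count, bug density, yearly discovery rate, code growth, and the rate at which the memory-unsafe share falls) is constructed for illustration, so the percentages it produces are not the article’s figures.

```rust
// Added example, not code from Google's post: a toy model of the
// "exponential decay" argument. Every parameter below is constructed for
// illustration and none is a figure from the article.

/// One simulated year.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct YearRow {
    pub year: u32,
    /// Volume of new code written this year (arbitrary units, e.g. kLOC).
    pub new_code: f64,
    /// Fraction of that new code written in a memory-unsafe language.
    pub unsafe_share: f64,
    /// Memory-safety bugs introduced this year (the inflow).
    pub introduced: f64,
    /// Outstanding memory-safety bugs at year end.
    pub outstanding: f64,
}

/// Model parameters (constructed).
pub struct Model {
    /// Outstanding bugs before the first simulated year.
    pub initial_outstanding: f64,
    /// Bugs introduced per unit of new memory-unsafe code.
    pub bug_density: f64,
    /// Fraction of outstanding bugs that survive a year unfound; `1 - retention`
    /// is the per-year discovery-and-fix rate, which gives the exponential decay.
    pub retention: f64,
}

impl Model {
    /// Run the model for `years` years. `new_code(y)` gives the volume of new
    /// code in year `y` and `unsafe_share(y)` the memory-unsafe fraction of it.
    pub fn simulate(
        &self,
        years: u32,
        new_code: impl Fn(u32) -> f64,
        unsafe_share: impl Fn(u32) -> f64,
    ) -> Vec<YearRow> {
        let mut rows = Vec::with_capacity(years as usize);
        let mut outstanding = self.initial_outstanding;
        for year in 0..years {
            let code = new_code(year);
            let share = unsafe_share(year).clamp(0.0, 1.0);
            let introduced = code * share * self.bug_density;
            // Old bugs decay geometrically; new unsafe code is the only inflow.
            outstanding = outstanding * self.retention + introduced;
            rows.push(YearRow { year, new_code: code, unsafe_share: share, introduced, outstanding });
        }
        rows
    }
}

/// Constructed parameters: 400 outstanding bugs, 0.2 bugs per unit of unsafe
/// code, and half of the outstanding bugs found and fixed each year.
pub const MODEL: Model = Model { initial_outstanding: 400.0, bug_density: 0.2, retention: 0.5 };

/// Baseline: 1000 units of new code a year, all of it memory-unsafe.
/// Inflow equals outflow, so the count sits at a steady state.
pub fn baseline() -> Vec<YearRow> {
    MODEL.simulate(6, |_| 1000.0, |_| 1.0)
}

/// Safe Coding: new code volume grows 10% a year (so more code is written
/// than in the baseline), but the memory-unsafe share falls 20 points a year.
pub fn safe_coding() -> Vec<YearRow> {
    MODEL.simulate(6, |y| 1000.0 * 1.1f64.powi(y as i32), |y| 1.0 - 0.2 * f64::from(y))
}

/// Percentage drop in outstanding bugs from the first to the last year.
pub fn reduction_percent(rows: &[YearRow]) -> f64 {
    let first = rows.first().map_or(0.0, |r| r.outstanding);
    let last = rows.last().map_or(0.0, |r| r.outstanding);
    if first == 0.0 { 0.0 } else { (first - last) / first * 100.0 }
}

/// Total new code written across all simulated years.
pub fn total_new_code(rows: &[YearRow]) -> f64 {
    rows.iter().map(|r| r.new_code).sum()
}

fn main() {
    for (name, rows) in [("baseline", baseline()), ("safe coding", safe_coding())] {
        println!("{}:", name);
        for r in &rows {
            println!(
                "  year {} new_code={:8.1} unsafe_share={:.2} introduced={:7.2} outstanding={:7.2}",
                r.year, r.new_code, r.unsafe_share, r.introduced, r.outstanding
            );
        }
        println!(
            "  total new code {:.1}, reduction {:.1}%",
            total_new_code(&rows),
            reduction_percent(&rows)
        );
    }
}
```

In the baseline the inflow of new unsafe code exactly replaces the bugs found each year, so the outstanding count never moves. In the Safe Coding scenario the total volume of new code is larger, yet the outstanding count falls every year, because the inflow shrinks while the existing backlog keeps decaying at the same rate; that is the mechanism the post describes.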
The development coincides with Google's collaboration with Arm's product security and GPU engineering teams to identify multiple weaknesses and harden the GPU software/firmware stack across the Android ecosystem.
That collaboration uncovered two memory flaws in Pixel's customized driver code (CVE-2023-48409 and CVE-2023-48421), along with another vulnerability in the Arm Valhall GPU firmware and 5th Gen GPU architecture firmware (CVE-2024-0153).
“Being proactive in testing is crucial as it enables the identification and resolution of vulnerabilities before they can be exploited,” said Google and Arm in a joint statement.