The Rust programming language is key to making the Android operating system more secure, Google engineers claim.
In a blog post (opens in new tab) published by Android security engineer Jeffrey Vander Stoep, the Googler says the number of serious memory vulnerabilities has dropped significantly over the past three years and suggests it’s all down to the operating system moving away from memory-insecure programming languages, C and C++.
Three years ago, most (65%) of Android bugs were very serious or critical memory security bugs (think out-of-bounds read and write errors, for example). Since then, Google has been steadily writing and adding new Rust code to Android (as opposed to simply improving existing code). Now the number of these flaws has dropped significantly and they are no longer the main problem plaguing the mobile operating system.
Minor vulnerabilities in a constant
“From 2019 to 2022, the annual number of memory security vulnerabilities fell from 223 to 85,” explains Vander Stoep.
With Android 12 (released in early October 2021), the operating system became a Rust-first product, he said. And while memory security bugs have decreased thanks to the use of the new programming language, other forms of vulnerabilities have held steady at about 20 new bugs discovered each month. However, these flaws are not as serious as memory security bugs.
But this does not mean that Google completely gives up on C and C++. The company will continue to invest in tools to write more secure C and C++ code, said Vander Stoep, citing the Scudo hardened allocator, HWASAN, GWP-ASAN and KFENCE on Android (opens in new tab) devices. He also said that Google has increased the use of fuzzing.
So far, Rust has been fairly reliable, but Vander Stoep knows that could change in the future: to date, no in-memory security vulnerabilities have been discovered in Android’s Rust code,” he concluded. “We don’t expect that number to stay zero forever, but given the volume of new Rust code in two Android releases and the security-sensitive components where it’s used, it’s a significant result.”
Through: The register (opens in new tab)