Google says Android memory safety vulnerabilities dropped significantly after using Rust Language

Last year, Google made Rust the default for new code in the Android Open Source Project (AOSP), a move that appears to be paying off, with Google saying it has more than halved the number of memory safety vulnerabilities in Android.

According to Google, the number of memory safety vulnerabilities has dropped significantly over the past few years/versions. Specifically, between 2019 and 2022, the number of memory safety vulnerabilities dropped from 223 to 85 per year. Memory safety vulnerabilities now account for 35 percent of Android's total vulnerabilities, up from 76 percent four years ago. In fact, 2022 is the first year in which memory safety vulnerabilities do not account for the majority of Android vulnerabilities.

Android 13 is the first Android version where most of the new code is in memory-safe languages. In this version, the Rust language accounts for 21% of all new native code, including ultra-wideband (UWB) stacks, DNS-over-HTTP3, Keystore2, Android's Virtualization Framework (AVF), and various other components and their open-source dependencies.

In addition to Rust, Google's other memory-safe languages ​​for Android include Java and Kotlin, which is compatible with Java. C and C++ are still the dominant languages ​​in AOSP, but Android 13 is the first version where most of the new code comes from memory-safe languages.

Android security software engineer Jeffrey Vander Stoep pointed out that the Android team plans to increase the use of Rust, although there are no plans to completely abandon C and C++ in system programming. Rust isn't the answer to everything, and there are areas where C/C++ will continue to be the most practical development choice, at least for a while," he noted in a tweet. Reduce this over time while continuing to scale our Rust usage and continue investing in and deploying improvements to C/C++.

Vander Stoep pointed out that correlation does not equate to causation, but the percentage of memory safety vulnerabilities does correlate closely with the language used by the new code.

He went on to point out that in Android 13, there are a total of 1.5 million lines of Rust code, which accounts for about 21% of all new code. So far, Google hasn't found any memory safety flaws in Android's Rust code. Vander Stoep noted, 
This shows that Rust is fulfilling its intended purpose, which is to prevent the most common vulnerabilities in Android. In many C/C++ components of Android (such as media, Bluetooth, NFC, etc.), the historical vulnerability density is greater than 1 / kLOC (one vulnerability per thousand lines of code). Based on this historical vulnerability density, using Rust has likely prevented hundreds of vulnerabilities.
Google sees moving away from C/C++ as a challenge but is moving forward with the project for Android. However, it does not use the Rust language on Chrome.

Rust is a system programming language that focuses on security, especially concurrency security, and supports multi-paradigm languages ​​such as functional, imperative, and generic programming paradigms. Rust is syntactically similar to C++, but the designers wanted to provide better memory safety while maintaining performance.

Post a Comment