Google has been integrating code written in the Rust programming language into the Android operating system since 2019, and its efforts have resulted in fewer vulnerabilities.
Memory safety bugs – like out-of-bounds reads and writes or use-after-free – account for more than 65% of High or Critical security vulnerabilities in Chrome and Android, and the figures are similar in software from other vendors. These flaws reduce security and increase the cost of software development when not caught early.
But that figure has dropped after four years of Android picking up bits of Rust.
“From 2019 to 2022, the annual number of memory vulnerabilities fell from 223 to 85,” said Android security engineer Jeffrey Vander Stoep in a blog post.
Vander Stoep says the decline coincides with efforts to move away from memory-unsafe programming languages, by which he means C/C++, languages that do not guarantee memory safety but can support it.
Starting with Android 12 last year, Rust became an Android platform language. And now in Android 13, says Vander Stoep, most of the new code added to the release was written in a memory-safe language (Rust, Java, or Kotlin).
With less memory-unsafe code entering Android, memory safety flaws have fallen from 76 percent of Android vulnerabilities in 2019 to 35 percent in 2022 – the first year that memory safety bugs did not represent most vulnerabilities.
Other vulnerabilities have remained stable over time, emerging at a rate of about 20 per month over the past four years. As memory safety flaws account for the majority of critical issues, the vulnerabilities that are emerging have proven to be less serious.
Google isn’t the only big tech company to recognize the benefits of memory-safe code. Meta has voiced its appreciation for Rust. A few months ago, Microsoft CTO Mark Russinovich declared that C/C++ should no longer be used to start new projects and that Rust should be deployed where a non-garbage-collected language is required.
At the time, C++ creator Bjarne Stroustrup challenged Russinovich’s guidance by pointing out that type and memory safety can be had in ISO standard C++, enforced by static analysis. As Stroustrup saw it, helping C++ improve makes more sense than deprecating the language and leaving unsafe code to languish.
Vander Stoep says Google continues to invest in tools to write safer C/C++ code on Android devices, pointing to the Scudo hardened allocator, HWASAN, GWP-ASAN and KFENCE. And he says Google is increasing its use of fuzzing. But while such measures contribute to the reduction in memory safety errors, he argues most of the reduction in vulnerabilities should be attributed to the shift to memory-safe languages.
In Android 13, roughly 21 percent of new native code is written in Rust. This includes about 1.5 million lines of Rust code in the Android Open Source Project (AOSP) and consists of components such as Keystore2, the new Ultra-wideband (UWB) stack, and DNS over HTTP3 that in previous years would have been written in C++.
And so far, Rust has delivered. “To date, zero memory vulnerabilities have been discovered in Android’s Rust code,” said Vander Stoep, who wisely acknowledged that this probably won’t be the case forever.
“Rust’s combination of speed and memory security makes it an excellent choice for a wide variety of projects,” Rebecca Rumbul, executive director and CEO of the Rust Foundation, told The Register. “It is not surprising to see Rust being increasingly integrated into existing projects and products, and Google’s latest blog mentioning Rust on Android really highlights the security benefits.”
“These security benefits are also recognized by policy makers around the world, with governments in Europe and North America adopting Rust as a solution to some of their past security problems,” Rumbul said.
The US National Security Agency recently observed that while languages like C++ can provide a lot of flexibility, they rely on the programmer to provide the necessary memory reference checks.
“Software analysis tools can detect many instances of memory management issues, and operating environment options can also provide some protection, but the inherent protections offered by memory-safe software languages can prevent or mitigate most memory management issues,” the agency said in guidance [PDF] published last month. “The NSA recommends using a memory-safe language whenever possible.” ®
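
To make concrete the point about who supplies the memory reference checks, here is an added Rust example (not code from Android or from Google's blog post) that parses records whose length byte is attacker-controlled. The record layout (1-byte tag, 1-byte length, payload) and every name in it are constructed for this illustration.

```rust
// Added illustration; the record layout and all names are constructed
// for this example and are not taken from Android's code base.

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated, // the two-byte header itself is incomplete
    LengthOutOfBounds { claimed: usize, available: usize },
}

#[derive(Debug, PartialEq)]
pub struct Record<'a> {
    pub tag: u8,
    pub payload: &'a [u8], // borrows from the input, so it cannot outlive it
}

/// Parse one record and return it together with the unparsed remainder.
pub fn parse_record(buf: &[u8]) -> Result<(Record<'_>, &[u8]), ParseError> {
    // split_first returns None on an empty slice instead of reading past it.
    let (&tag, rest) = buf.split_first().ok_or(ParseError::Truncated)?;
    let (&len, rest) = rest.split_first().ok_or(ParseError::Truncated)?;
    let claimed = len as usize;
    // `len` comes from the input. A C memcpy(dst, p, len) would trust it and
    // read adjacent memory; here it is compared with the slice's real length.
    // Without this check, split_at would panic rather than read out of bounds.
    if claimed > rest.len() {
        return Err(ParseError::LengthOutOfBounds { claimed, available: rest.len() });
    }
    let (payload, remainder) = rest.split_at(claimed);
    Ok((Record { tag, payload }, remainder))
}

/// Parse every record in `buf`, stopping at the first malformed one.
pub fn parse_all(mut buf: &[u8]) -> Result<Vec<Record<'_>>, ParseError> {
    let mut out = Vec::new();
    while !buf.is_empty() {
        let (rec, rest) = parse_record(buf)?;
        out.push(rec);
        buf = rest;
    }
    Ok(out)
}

fn main() {
    // Constructed inputs: two well-formed records, then one whose length lies.
    let good = [0x01, 0x02, 0xAA, 0xBB, 0x02, 0x00];
    let lying = [0x01, 0xFF, 0xAA, 0xBB];
    println!("{:?}", parse_all(&good));
    println!("{:?}", parse_all(&lying));
}
```

Because `payload` borrows from the input buffer, the compiler also rejects any use of a `Record` after that buffer is freed, which is the use-after-free class named at the top of the article.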