Android has witnessed a significant decline in memory-related vulnerabilities over the past five years, with only 24% of all vulnerabilities now attributed to memory safety issues, compared to a whopping 76% in 2019. This remarkable improvement is credited to Google’s adoption of a secure-by-design approach, emphasizing the use of memory-safe languages like Rust in the development of new code.
In a recent blog post dated September 25, researchers from Google’s Android and security teams shared insights into the success of their Safe Coding initiative. This approach prioritizes the use of memory-safe languages such as Rust for new code development, steering away from the traditional memory-unsafe languages like C and C++. The researchers affirmed that while existing memory-unsafe code does not need to be completely rewritten, the focus is on enhancing interoperability safely and conveniently as part of the memory safety journey.
For many years, memory safety vulnerabilities have accounted for over 60% of all application software vulnerabilities, marking them as one of the most severe flaws. Despite representing only 36% of identified Android vulnerabilities in 2022, memory-related bugs were responsible for 86% of the most severe operating system flaws and 78% of exploited Android bugs. This alarming trend has prompted security stakeholders, including the US Cybersecurity and Infrastructure Security Agency (CISA) and the White House, to voice concerns over the heightened security risks associated with memory-unsafe languages and the substantial costs incurred to address them.
In response to these challenges, Google has gradually transitioned to memory-safe languages like Rust for new Android features, while predominantly maintaining existing codebases with bug fixes. The company’s strategic shift began with the introduction of Rust support in Android 12, followed by increased adoption within the Android Open Source Project, culminating in Android 13 where most new code was written in a memory-safe language. Google’s objective is to progressively migrate towards utilizing memory-safe languages without the immediate conversion of all existing C and C++ code to Rust.
Emphasizing the importance of evolving coding practices, Google’s security engineering team highlighted the infeasibility of transforming C++ into a language with robust memory safety guarantees. Instead of a sudden overhaul, Google plans to enhance memory safety tools for C and C++ to support its current codebases written in these languages. Additionally, Google observed a decline in memory-related vulnerabilities over time, attributing this to a decrease in vulnerability density in older Android code compared to new code.
Overall, Google’s strategic shift towards a secure-by-design approach with a focus on memory-safe languages has significantly reduced memory-related vulnerabilities in Android. While the adoption of memory-safe languages continues to gain traction, transitioning existing codebases entirely to memory-safe code is envisioned to be a gradual process spanning several years or even decades. The success of Google’s approach underscores the importance of prioritizing security in software development to mitigate potential vulnerabilities effectively.