Google reveals statistics from the use of Rust language in the Android operating system since 2019, spanning around 6 years, indicating a significant reduction in memory-related vulnerabilities. With memory-safe features at the language level, it serves as a powerful security measure.
Google’s approach involves writing new code for Android in Rust, a memory-safe language, while trying to limit the growth of existing code. As a result, the proportion of memory-safe code has gradually increased (currently around 2:1 between old and new code), leading to a substantial decrease in memory safety-related vulnerabilities.
Previously, Google’s statistics showed that memory-related vulnerabilities accounted for 76% of all vulnerabilities in Android in 2019. This figure has now decreased to just 24% (industry average stands at 70%).
Google’s key takeaway is the importance of not discarding old code but focusing on interoperability between new and old code. This is why Google donated $1 million to the Rust Foundation to enhance Rust’s compatibility with C++.
TLDR:
Google utilizes the Rust language in Android to reduce memory vulnerabilities, emphasizing compatibility between old and new code. As a result, Android development with Rust has reached 1.5 million lines without any memory-related vulnerabilities.
Leave a Comment