As with any widely used software, security vulnerabilities are constantly being discovered (and then patched) in Android. Fortunately, one type of security problem is diminishing thanks to a change in programming languages.
Google published a post on its security blog this week explaining that memory safety vulnerabilities, where buffer overflows and other similar issues in code can allow other software to break out of sandboxes and cause problems, are declining on Android phones. The company said: “We see that the number of memory security vulnerabilities has reduced considerably in recent years/releases. From 2019 to 2022, the annual number of memory security vulnerabilities dropped from 223 to 85.”
So why the drop in security issues? Google was quick to point out that “correlation doesn’t necessarily mean causation,” but the likely cause is the decision to write much of Android’s newer code in the Rust programming language, rather than older languages like C or C++. Rust strengthens memory safety, drastically reducing the possibility of memory-related security problems.
Google revealed in the blog post, referring to the share of vulnerabilities that are memory-related: “From 2019 to 2022, it dropped from 76% to 35% of total Android vulnerabilities. 2022 is the first year that memory security vulnerabilities do not account for the majority of Android vulnerabilities.” Rust still does not account for the majority of new code added each year, but the percentage of Rust code is gradually increasing. Google also noted that no security issues have been discovered in Android’s Rust code so far.
There are still many other potential security issues besides memory safety issues, but it seems Android phones and tablets are more secure due to the transition to Rust. That is certainly worth celebrating.
Source: Google Security Blog