Google turns to Rust to remedy Android vulnerabilities – Techradar

Google has greenlighted the use of the Rust programming language in Android’s low-level system-code in order to curb the growing number of memory-based security vulnerabilities in the mobile operating system.

In a post in the Google Security blog, members of the Android development team list their efforts to detect, fix, and mitigate the memory safety bugs. Despite their efforts, these vulnerabilities make up about 70% of Android’s high severity security vulnerabilities. 

“Memory-safe languages are the most cost-effective means for preventing memory bugs. In addition to memory-safe languages like Kotlin and Java, we’re excited to announce that the Android Open Source Project (AOSP) now supports the Rust programming language for developing the OS itself,” wrote Jeff Vander Stoep and Stephen Hines, from the Android Team. 

Memory management

The memory safety guarantees of Rust make it particularly useful for low-level systems programming. It is for this very reason that support for Rust has even been included in the bleeding edge branch of the Linux kernel.

Android developers work either with Java, and compatible languages like Kotlin, to write the high-level parts of the OS such as the user interface, while the low-level aspects such as the kernel and drivers are best written in C and C++.

However these languages give charge of several crucial aspects such as memory management to the developer. This is one of the charms of the languages and developers welcome the flexibility. But when memory management is improperly