The share of Android vulnerabilities brought on by reminiscence questions of safety has dropped from 76% in 2019 to solely 24% in 2024, representing an enormous lower of over 68% in 5 years.
That is effectively under the 70% beforehand present in Chromium, making Android a superb instance of how a big venture can step by step and methodically transfer to a protected territory with out breaking backward compatibility.
Google says it achieved this outcome by prioritizing new code to be written in memory-safe languages like Rust, minimizing the introduction of latest flaws with time.
On the identical time, the previous code was maintained with minimal modifications centered on vital safety fixes relatively than performing in depth rewrites that may additionally undermine interoperability.
“Primarily based on what we have realized, it is change into clear that we don’t must throw away or rewrite all our current memory-unsafe code,” reads Google’s report.
“As an alternative, Android is specializing in making interoperability protected and handy as a major functionality in our reminiscence security journey.”
Supply: Google
This technique makes older code mature and turns into safer over time, lowering the variety of memory-related vulnerabilities in it no matter what language it was written in.
These two pillars within the Android constructing technique had a synergistic impact in direction of the dramatic lower of reminiscence flaws on the earth’s most generally used cellular platform.
Google explains that, whereas it could appear dangerous to depart older code primarily unchanged and although new code is anticipated to be higher examined and reviewed, the other is occurring, regardless of how counter-intuitive it could appear.
It is because current code modifications introduce most flaws, so new code virtually at all times comprises safety issues. On the identical time, bugs in older code are ironed out except builders carry out in depth modifications to it.
Supply: Google
Google says that the trade, together with itself, has gone by way of 4 foremost phases in coping with reminiscence security flaws, summarized as follows:
- Reactive patching: Initially, the main focus was on fixing vulnerabilities after they had been found. This strategy resulted in ongoing prices, with frequent updates wanted and customers remaining susceptible within the meantime.
- Proactive mitigations: The following step was implementing methods to make exploits more durable (e.g., stack canaries, control-flow integrity). Nonetheless, these measures usually got here with efficiency trade-offs and led to a cat-and-mouse sport with attackers.
- Proactive vulnerability discovery: This era concerned utilizing instruments like fuzzing and sanitizers to search out vulnerabilities proactively. Whereas useful, this technique solely addressed signs, requiring fixed consideration and energy.
- Excessive-assurance prevention (Protected Coding): The most recent strategy emphasizes stopping vulnerabilities on the supply through the use of memory-safe languages like Rust. This “safe by design” technique supplies scalable and long-term assurance, breaking the cycle of reactive fixes and expensive mitigations.
“Merchandise throughout the trade have been considerably strengthened by these approaches, and we stay dedicated to responding to, mitigating, and proactively trying to find vulnerabilities,” defined Google.
“Having mentioned that, it has change into more and more clear that these approaches should not solely inadequate for reaching a suitable stage of danger within the memory-safety area, however incur ongoing and growing prices to builders, customers, companies, and merchandise.
“As highlighted by quite a few authorities businesses, together with CISA, of their secure-by-design report, “solely by incorporating safe by design practices will we break the vicious cycle of continually creating and making use of fixes.”
Final June, the U.S. Cybersecurity and Infrastructure Safety Company (CISA) warned that 52% of essentially the most broadly used open-source initiatives use memory-unsafe languages.
Even initiatives written in memory-safe languages usually depend upon parts written in memory-unsafe languages, so the safety danger is difficult to handle.
CISA really helpful that software program builders write new code in memory-safe languages reminiscent of Rust, Java, and GO and transition current initiatives, particularly vital parts, to these languages.