The number of memory-related vulnerabilities in Android has dropped sharply over the past five years, thanks to Google's use of a secure-by-design approach that emphasizes memory-safe languages such as Rust for new code.
Memory safety issues such as buffer overflows and use-after-free bugs now account for just 24% of all Android vulnerabilities, compared with 76% in 2019. Numbers so far this year point to a total of 36 Android memory-related vulnerabilities for all of 2024, roughly half of last year's count and a far cry from the 223 flaws reported in 2019.
Secure-by-Design Approach Pays Off
In a Sept. 25 blog post, researchers from Google's Android and security teams credited the progress to Safe Coding, a secure-by-design approach at the company that prioritizes memory-safe languages like Rust for new code development. "Based on what we've learned, it's become clear that we do not need to throw away or rewrite all our existing memory-unsafe code," the researchers wrote. "Instead, Android is focusing on making interoperability safe and convenient as a primary capability in our memory safety journey."
Memory safety vulnerabilities have historically accounted for, and continue to account for, more than 60% of all application software vulnerabilities. They have also been disproportionately severe compared with other flaws. For instance, in 2022, memory-related bugs made up only 36% of all known Android vulnerabilities but accounted for 86% of the most severe flaws in the operating system and 78% of confirmed exploited Android bugs.
Much of this has to do with how widely used programming languages such as C and C++ let developers manipulate memory directly, leaving the door open for errors to creep in. In contrast, memory-safe languages like Rust, Go, and C# feature automatic memory management and built-in safety checks against common memory-related bugs. Numerous security stakeholders, including the US Cybersecurity and Infrastructure Security Agency (CISA) and even the White House, have raised concerns over the heightened security exposure associated with memory-unsafe languages and the substantial costs involved in addressing it. While the shift to memory-safe languages has slowly been gaining momentum, many expect it will take years and possibly decades to move existing code bases entirely to memory-safe code.
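As an added example of the kind of check a memory-safe language enforces by default (this is not code from Google's blog post or from the Android code base), here is a small parser for length-prefixed records written in safe Rust. The record format, the type and function names, and the sample bytes are hypothetical. In C, a parser that trusts the length byte reads past the end of the buffer; here every access goes through slice indexing that returns `None` when the range is out of bounds, so a length byte larger than the remaining input surfaces as an error instead of an out-of-bounds read.

```rust
// Added example: bounds-checked parsing in safe Rust. Not Android code.
// Hypothetical record format: [tag:1][len:1][payload:len], repeated.

#[derive(Debug, PartialEq)]
pub struct Record<'a> {
    pub tag: u8,
    // Borrowed from the input buffer: the borrow checker refuses any code
    // that keeps a Record alive after the buffer it points into is dropped,
    // which is the use-after-free class of bug, caught at compile time.
    pub payload: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// The input ended before `wanted` bytes were available at `offset`.
    Truncated { offset: usize, wanted: usize, available: usize },
}

/// Parse all records in `buf`. Every read uses `slice::get`, which returns
/// `None` for an out-of-range request, so an attacker-controlled length
/// byte cannot make the parser read beyond the buffer.
pub fn parse_records(buf: &[u8]) -> Result<Vec<Record<'_>>, ParseError> {
    let mut out = Vec::new();
    let mut pos = 0;
    while pos < buf.len() {
        // Two-byte header: tag and length.
        let header = buf.get(pos..pos + 2).ok_or(ParseError::Truncated {
            offset: pos,
            wanted: 2,
            available: buf.len() - pos,
        })?;
        let (tag, len) = (header[0], header[1] as usize);
        let start = pos + 2;
        // The payload range is checked, not trusted.
        let payload = buf.get(start..start + len).ok_or(ParseError::Truncated {
            offset: start,
            wanted: len,
            available: buf.len() - start,
        })?;
        out.push(Record { tag, payload });
        pos = start + len;
    }
    Ok(out)
}

fn main() {
    // Constructed sample input: two well-formed records.
    let good = [0x01, 0x03, b'a', b'b', b'c', 0x02, 0x01, 0xff];
    println!("{:?}", parse_records(&good));
    // Constructed hostile input: the length byte (0xff) claims far more
    // payload than the buffer holds. A C parser that trusted it would read
    // 254 bytes past the end; here the call returns Err(Truncated {..}).
    let bad = [0x01, 0xff, b'a'];
    println!("{:?}", parse_records(&bad));
}
```

The point is not that the Rust code is cleverer than its C equivalent; it is that the unchecked path does not exist in safe Rust. Reaching it requires an explicit `unsafe` block, which is exactly the interoperability surface the Google researchers say they are focusing on making safe and convenient.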
A Gradual Transition
Google's approach to the problem has been to use memory-safe languages like Rust for new Android features while leaving existing code largely untouched except for bug fixes. The result is that over the past few years there has been a gradual slowdown in new development activity involving memory-unsafe languages, matched by an increase in memory-safe development activity, the two Google researchers said.
Google began the transition with support for Rust in Android 12 and has been gradually increasing use of the language across the Android Open Source Project. Android 13 marked the first time that most of the new code in the operating system was written in a memory-safe language. At the time, Google emphasized that its goal was not to convert all C and C++ code to Rust, but rather to transition gradually to the new language over time.
In a blog post earlier this year, members of Google's security engineering team noted that they saw "no realistic path for an evolution of C++ into a language with rigorous memory safety guarantees." But rather than walking away from it all at once, Google will continue to invest in tools that improve memory safety in C and C++ to support the company's existing codebases written in those languages.
Significantly, Google found that memory-related bugs as a share of all Android vulnerabilities declined not just because of the company's growing use of memory-safe languages like Rust, but also because older vulnerabilities decay with time. The researchers found that the number of vulnerabilities in a given amount of code, often referred to as vulnerability density, was lower in five-year-old Android code than in brand-new code.
"The problem is overwhelmingly with new code, necessitating a fundamental change in how we develop code," the researchers said.