As with Microsoft, security vulnerabilities are continually discovered and later patched in Android. One major class of security issue is now decreasing: memory safety vulnerabilities. Google has shared how new code written in Rust fares better than code in the C and C++ programming languages when it comes to memory safety and security issues.
Google recently published a post on its security blog explaining that memory safety vulnerabilities, which are coding errors that cause buffer overflows or similar problems, are decreasing in Android phones. These bugs can allow software to escape from sandboxes and cause other problems.
According to the company, memory safety flaws have decreased significantly over the last few years and releases. The annual number of memory safety vulnerabilities dropped from 223 to 85 between 2019 and 2022.
So why is there a drop in security issues? Google quickly pointed out that “correlation does not necessarily mean causation.” However, the probable cause is Android's decision to write most of its newer code in the Rust programming language rather than in older languages such as C or C++. Rust ensures memory safety and significantly reduces the risk of memory security issues.
Google wrote in the blog post that “From 2019 to 2020, it has fallen from 76% to 35% of Android’s total vulnerabilities.”
So far in 2022, memory safety vulnerabilities are significantly fewer than other vulnerabilities. At the same time, the percentage of Rust code is gradually rising. Google also stated that there had been no security issues in Android’s Rust code.
While there are many security issues beyond memory safety, Android phones and tablets are now safer due to the Rust transition. This is certainly something to be proud of.