The variety of memory-related vulnerabilities in Android has dropped sharply over the previous 5 years, due to Google’s use of a secure-by-design method that emphasizes the usage of memory-safe languages like Rust for many new code.
Reminiscence questions of safety like buffer overflows and use-after-free bugs now account for simply 24% of all Android vulnerabilities, in comparison with 76% in 2019. Numbers up to now this yr counsel a complete of 36 Android memory-related vulnerabilities for all of 2024, or roughly half the quantity as final yr and a far cry from 223 flaws in 2019.
Safe-by Design Method Pays Off
In a Sept. 25 weblog put up, researchers from Google’s Android and safety groups credited the progress to Secure Coding, a secure-by-design method on the firm that prioritizes memory-safe languages like Rust for brand spanking new code improvement. “Primarily based on what we have realized, it is grow to be clear that we don’t must throw away or rewrite all our present memory-unsafe code,” the researchers wrote. “As an alternative, Android is specializing in making interoperability protected and handy as a major functionality in our reminiscence security journey.”
Reminiscence security vulnerabilities have historically accounted for, and proceed to account for, greater than 60% of all software software program vulnerabilities. They’ve additionally been disproportionately extreme when in comparison with different flaws. As an example, in 2022, memory-related bugs made up solely 36% of all recognized Android vulnerabilities however accounted for 86% of probably the most extreme flaws within the working system and 78% of confirmed exploited Android bugs.
A lot of this has to do with how broadly used programming languages similar to C and C++ enable software program builders to straight manipulate reminiscence, leaving the door open for errors to creep in. In distinction, memory-safe languages like Rust, Go, and C# characteristic automated reminiscence administration and built-in security checks in opposition to widespread memory-related bugs. Quite a few safety stakeholders together with the US Cybersecurity and Infrastructure Safety Company (CISA) and even the White Home have raised issues over heightened safety publicity related to utilizing memory-unsafe languages and the substantial prices concerned in addressing them. Whereas the shift to memory-safe languages has been slowly gaining momentum, many anticipate it is going to take years and probably many years to maneuver present code bases completely to memory-safe code.
A Gradual Transition
Google’s method to the issue has been to make use of memory-safe languages like Rust for brand spanking new Android options whereas leaving present code largely untouched besides to make bug fixes. The result’s that over the previous few years there was a gradual slowdown in new improvement exercise involving memory-unsafe languages matched by a rise in memory-safe improvement exercise, the 2 Google researchers mentioned.
Google started the transition with help for Rust in Android 12 and has been regularly rising use of the programming language inside the Android Open Supply Challenge. Android 13 marked the primary time that a lot of the new code within the working system was in a memory-safe language. On the time, Google emphasised that its aim was to not convert all C and C++ code to Rust, however as an alternative to regularly transition to the brand new programming language over time.
In a weblog put up earlier this yr, members of Google’s safety engineering group famous that they noticed “no real looking path for an evolution of C++ right into a language with rigorous reminiscence security ensures.” However somewhat than strolling away from it suddenly, Google will proceed to put money into instruments to enhance reminiscence security in C and C++ to help the corporate’s present codebases written in these languages.
Considerably, Google discovered that memory-related bugs as a share of all Android vulnerabilities declined not simply due to the corporate’s rising use of a memory-safe language like Rust but additionally as a result of older vulnerabilities decayed with time. The researchers discovered that the variety of vulnerabilities in a given quantity of code — also known as vulnerability density — was decrease in five-year-old Android code in comparison with model new code.
“The issue is overwhelmingly with new code, necessitating a elementary change in how we develop code,” the researchers mentioned.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25644946/eufyCam_S3_Pro___Intruder_image.jpeg "The new EufyCam S3 Pro promises impressive night vision")
/cdn.vox-cdn.com/uploads/chorus_asset/file/23641763/acastro_220614_5290_0001.jpg "18 states want the SEC to stop enforcing crypto regulation")
