Google has announced a significant reduction in memory vulnerabilities within Android, decreasing from 76% to 24% over the past six years. This improvement stems from the company’s strategic shift toward memory-safe programming languages, notably Rust, as part of its secure-by-design initiative.
The tech giant highlighted that focusing on Safe Coding for new features not only mitigates overall security risks in the codebase but also makes the transition more “scalable and cost-effective.”
As new memory-unsafe development slows down, the adoption of memory-safe practices takes precedence, resulting in a decline in memory safety vulnerabilities, explained Google’s Jeff Vander Stoep and Alex Rebert in a recent post shared with The Hacker News. Intriguingly, the number of memory safety vulnerabilities tends to decrease even amid an increase in the amount of new memory-unsafe code.
This paradox is rooted in the exponential decay of vulnerabilities, with research indicating that many vulnerabilities exist in new or recently modified code. Vander Stoep and Rebert emphasized,
“The problem is overwhelming with new code, necessitating a fundamental change in how we develop code. Code matures and gets safer with time, exponentially, making the returns on investments like rewrites diminish over time as code gets older.”
Since formally announcing its commitment to supporting Rust in Android in April 2021, Google began prioritizing the transition to memory-safe languages around 2019. This proactive shift has led to a dramatic decrease in memory safety vulnerabilities from 223 in 2019 to fewer than 50 in 2024.
The reduction in vulnerabilities is also attributed to advancements in proactive measures, moving from reactive patching to proactive mitigation and vulnerability discovery through tools such as Clang sanitizers. Google noted that memory safety strategies should evolve to emphasize “high-assurance prevention” by integrating secure-by-design principles into the very fabric of software development.
“Instead of focusing on the interventions applied (mitigations, fuzzing), or attempting to use past performance to predict future security, Safe Coding allows us to make strong assertions about the code’s properties and what can or cannot happen based on those properties,” Vander Stoep and Rebert stated.
Furthermore, Google is concentrating on facilitating interoperability between Rust, C++, and Kotlin, rather than solely relying on code rewrites. This approach is seen as a “practical and incremental” strategy for adopting memory-safe languages and ultimately reducing entire classes of vulnerabilities.
“Adopting Safe Coding in new code offers a paradigm shift, allowing us to leverage the inherent decay of vulnerabilities to our advantage, even in large existing systems,” Google noted.
The company also announced an enhanced collaboration with Arm’s product security and GPU engineering teams to identify and address security shortcomings across the Android ecosystem. This partnership has led to the discovery of multiple memory issues in Pixel’s driver code and Arm’s Valhall GPU firmware.
“Proactive testing is good hygiene as it can lead to the detection and resolution of new vulnerabilities before they’re exploited,” both Google and Arm emphasized.