Similar to any widely-used software program, safety vulnerabilities are continuously found (and later patched) in Android on a regular basis. Fortunately, one sort of safety drawback is on the decline, because of a change in programming languages.
Google printed a weblog submit on its safety weblog this week, explaining that reminiscence security vulnerabilities — the place buffer overflows and different comparable issues in code can enable different software program to interrupt out of sandboxes and trigger issues — are on the decline in Android telephones. The corporate mentioned, “we see that the variety of reminiscence security vulnerabilities have dropped significantly over the previous few years/releases. From 2019 to 2022 the annual variety of reminiscence security vulnerabilities dropped from 223 all the way down to 85.”
So, why the drop in safety issues? Google was fast to notice that “correlation doesn’t essentially imply causation,” however the probably offender is the choice to write down a lot of Android’s newer code within the Rust programming language, somewhat than older languages like C or C++. Rust enforces reminiscence security, drastically decreasing the potential of safety issues associated to reminiscence.
Google revealed within the weblog submit, “From 2019 to 2022 it has dropped from 76% all the way down to 35% of Android’s complete vulnerabilities. 2022 is the primary 12 months the place reminiscence security vulnerabilities don’t signify a majority of Android’s vulnerabilities.” Rust remains to be not many of the new code added annually, but it surely the proportion of Rust code is progressively growing. Google additionally famous that, to this point, zero safety issues have been found in Android’s Rust code.
There are nonetheless many different potential safety issues outdoors of reminiscence issues of safety, but it surely looks as if Android telephones and tablets are safer due to the transition to Rust. That’s definitely value celebrating.
Supply: Google Safety Weblog
