Google will use Rust in the Android OS to prevent memory bugs, one of the most frequent causes of security vulnerabilities. As a first step in this direction, the Android Open Source Project now supports Rust as an OS development language.

According to Jeff Vander Stoep and Stephen Hines, engineers in the Android Team:

Memory safety bugs in C and C++ continue to be the most-difficult-to-address source of incorrectness. We invest a great deal of effort and resources into detecting, fixing, and mitigating this class of bugs, and these efforts are effective in preventing a large number of bugs from making it into Android releases.

The problem is that C/C++ may be hard to get right, especially with complex or multi-threaded code. This leads to memory bugs that, in spite of all prevention efforts, account for about 70% of Android high-severity security vulnerabilities.

While large parts of the Android ecosystem, including apps and most high-level frameworks, are written in Java or Kotlin, which provide a more secure memory-management environment, lower-level components of the OS are written in C/C++. Those include the boot loader, the hypervisor, drivers, and many more.

The traditional approach to making C/C++ code less incorrect, and thus more secure, is bug detection. Bug detection is crucial in all languages, say Google engineers, but it is inefficient and expensive, mostly because bugs are hard to detect and expensive to fix.
