Google turns to Rust to remedy Android vulnerabilities
Android developers inside Google have been working to add support for Rust for over a year
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Googlehas greenlighted the use of theRustprogramming language inAndroid’s low-level system-code in order to curb the growing number of memory-based security vulnerabilities in the mobile operating system.
In a post in the Google Security blog, members of the Android development team list their efforts to detect, fix, and mitigate the memory safety bugs. Despite their efforts, these vulnerabilities make up about 70% of Android’s high severity security vulnerabilities.
“Memory-safe languages are the most cost-effective means for preventing memory bugs. In addition to memory-safe languages like Kotlin and Java, we’re excited to announce that the Android Open Source Project (AOSP) now supports the Rust programming language for developing the OS itself,” wrote Jeff Vander Stoep and Stephen Hines, from the Android Team.
Memory management
The memory safety guarantees of Rust make it particularly useful for low-level systems programming. It is for this very reason that support for Rust has even beenincluded in the bleeding edgebranch of theLinuxkernel.
Android developers work either with Java, and compatible languages like Kotlin, to write the high-level parts of the OS such as the user interface, while the low-level aspects such as the kernel and drivers are best written in C and C++.
However these languages give charge of several crucial aspects such as memory management to the developer. This is one of the charms of the languages and developers welcome the flexibility. But when memory management is improperly implemented it results in security issues, such as buffer overflows and overreads, leading to Android’s current predicament.
The Google developers note in the blog that they’ve been working behind the scenes of adding support for Rust in Android for the past 18 months, and promise to showcase some of the presumably internal early adopter projects in the coming months.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via:The Register
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
iStorage Group acquires Kanguru Solutions as it looks to expand security offering
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’
