This week, Google developers announced that Rust will become one of the main Android development languages because it is more secure and prevents memory bugs from arising.
To that end, Google engineers have spent 18 months working on various parts of the Android Open Source Project (AOSP) in Rust, and the initiative is now being scaled up to cover more aspects of the OS.
The problem is that code written in C and C++ requires strong isolation when it parses untrusted input data, and containing such code in a tightly restricted, unprivileged sandbox can be very difficult, as well as causing various problems and additional memory use.
In addition, memory safety bugs in C and C++ code are known to account for approximately 70% of serious vulnerabilities in Android. To prevent such problems from occurring, it was therefore decided to switch to a safer language like Rust.
However, Google developers do not intend to rewrite all existing C and C++ code; instead, they will focus their efforts on recently changed code, where memory-related errors are more likely to occur. In particular, the Gabeldorsche Bluetooth stack will be completely rewritten in Rust, and a network stack for the open source Fuchsia operating system is already under development.
Let me remind you that I also talked about how Google recruits a team of experts to find bugs in Android applications.