Tech giant Google has been slowly transitioning toward memory-safe languages, and the effort has finally paid off. The annual number of memory-safety vulnerabilities was 85 in 2022. To put that in context, the figure was 223 in 2019. The 2022 number is merely 35% of Android vulnerabilities, as per the latest data.
2022 is the first year in which memory-safety vulnerabilities do not represent a significant part of Android’s vulnerabilities.
“On Android, we’re now seeing something different – a significant drop in memory safety vulnerabilities and an associated drop in the severity of our vulnerabilities. This drop coincides with a shift in programming language usage away from memory-unsafe languages. Android 13 is the first Android release where a majority of new code added to the release is in a memory-safe language,” says the official release by Google.
The Rust programming language was initially introduced in Android 12 as a viable memory-safe alternative to C/C++. However, Google has made it clear that its intention was not to convert existing C/C++ code to Rust. Instead, the priority is writing new code in the memory-safe language going forward.
Rust is clearly well suited to reducing memory-safety vulnerabilities in Android. However, threat actors can also leverage the programming language to increase the complexity of malware.