GRC Viewpoint

Google Enhances Android Security through Memory-Safe Programming Languages

Tech giant Google has been slowly transitioning toward memory-safe languages. The efforts finally paid off. The annual number of susceptibilities (memory-safety related) was 85 in 2022. To understand the difference, it is imperative to look at the previous history. Compared to 2019, when the vulnerabilities were 223, 85 is certainly safer. The number is merely 35% of android vulnerabilities, as per the latest data.

2022 is the first time wherein memory-safe vulnerabilities do not represent a significant part of Android’s susceptibilities. 

READ MORE: In 2022, Tech Support Scams Will Show An Upward Trend

“On Android, we’re now seeing something different – a significant drop in memory safety vulnerabilities and an associated drop in the severity of our vulnerabilities. This drop coincides with a shift in programming language usage away from memory-unsafe languages. Android 13 is the first Android release where a majority of new code added to the release is in a memory-safe language,” says the official release by Google.

The Rust programming language was initially introduced in Android 12 as a memory-safe viable option instead of C/C++. However, Google has made it clear that its intention was not to convert existing C/C++ to Rust. Instead, the priority is developing new code for the memory-safe language in the future

READ MORE: Recent Microsoft Misconfiguration Made Unauthenticated Data Access Possible

It is certain that Rust is perfect for reducing memory-safe susceptibilities in Android. However, threat actors can leverage the programming language to enhance the complexity of malware. 

Related Articles

Latest Articles