Last year, Google announced support for Android Open Source Project (AOSP) για την Rust και σήμερα η εταιρεία ανέφερε τη μείωση των τρωτών σημείων better safetys in memory.
Google stated that “the number of memory vulnerabilities has decreased significantly in recent years.
Specifically, the number of annual memory security vulnerabilities dropped from 223 to 85 between 2019 and 2022. They now account for 35% of Android's total vulnerabilities, down from 76% four years ago. In fact, "2022 is the first year where memory security vulnerabilities do not account for the majority of Android vulnerabilities."
This count is for "vulnerabilities reported in the Android security bulletin, which includes critical/high severity vulnerabilities reported through the Vulnerability Reward Program (VRP) as well as internally reported vulnerabilities."
During this time, the amount of memory-unsafe code entering Android has decreased:
“Android 13 is the first Android release where the majority of new code added to the release is in language memory safe.”
Rust makes up 21% of all new code in Android 13, including the Ultra-wideband (UWB) stack, DNS-over-HTTP3, Keystore2, Android's Virtualization framework (AVF), and "various other open source components and dependencies."
"Google considers it important that no "memory security vulnerabilities in Android's Rust code" have been discovered so far in Android 12 and 13.
Today's Google post it also talks about vulnerabilities which do not concern the security of the memory and its future plans:
“… Υλοποιούμε userspace HALs στην Rust. Προσθέτουμε υποστήριξη για την Rust σε αξιόπιστες εφαρμογές. Έχουμε μετεγκαταστήσει το VM firmware στο το Android Virtualization Framework σε Rust Με την υποστήριξη του Rust landing στο Linux 6.1, είμαστε ενθουσιασμένοι που φέρνουμε την ασφάλεια της μνήμης στον πυρήνα, ξεκινώντας από τα programs kernel driver.
