How Google reduced Android’s security vulnerabilities by 52%

Google has been working hard for years to make Android an increasingly secure operating system. Attackers are looking for any vulnerability they can exploit, whether it’s through mundane methods like phishing or more sophisticated methods like memory security security vulnerabilitiesNow Google explains how its Secure Coding approach came about managed to significantly reduce memory security vulnerabilities inside Android In recent years.

Google uses Secure Coding approach to combat memory security vulnerabilities

Memory security security vulnerabilities buffer overflows, format string issues, or dangling pointers that exploit memory-related bugs to interact with or even overwrite memory. Such vulnerabilities are still prevalent in software development. Developers attempt to attack them with a variety of approaches, with mitigations and proactive detections predominating. However, Google Secure Coding As the results prove, it is the ideal approach to minimize memory security vulnerabilities. With Android.

The Secure Coding approach prioritizes the use of memory-safe programming languages ​​from the start. However, there are also programs that have millions of lines of key code written many years ago and developed in “non-memory-safe” languages. So what is Google’s recommendation in these cases? The answer is to gradually migrate to memory-safe languages ​​(like Rust) for new features.

Essentially, Google is recommending that developers start implementing only memory-safe languages ​​when developing new features. Meanwhile, legacy code based on unsafe languages ​​will remain “unchanged” beyond classic maintenance and bug fixes. This means achieving safe, efficient, and cost-effective interoperability between new and legacy code.

Android’s memory security vulnerabilities have decreased by 52% in 6 years

According to Google, the Secure Coding approach has reduced memory security vulnerabilities in Android from 76% to 24% in just 6 years. However, the idea of ​​keeping memory-unsafe code may seem counterintuitive. After all, if you’re looking for maximum security, your first thought would be to move all your code to a secure language. While that may be true, Google’s This approach makes sense, and the company explains why.

Code efficiency and cost-effectiveness are key in software development. There are tools or entire systems that have years of development behind them. This involves millions and millions of lines of core code. While a company may start rewriting software from scratch based on memory-safe languages, the investment and effort is probably not worth it. However, it may be different for relatively new developments that don’t have a lot of time behind them.

Benefits of Secure Coding and interoperability

Google claims that its Secure Coding approach, based on code interoperability, is a cost-effective and practical way to adopt memory-safe code. This makes it cost-effective because it allows companies to leverage their previous investments. The cost is significantly lower than rewriting software from scratch. It is also efficient because it allows new features to continue to be developed while integrating new, secure code.

Using inherently memory-safe code also results in lower costs in the long run. Previous approaches supported an endless “attack and defend” cycle between developers and attackers. Relying on mitigations and proactive detection required constant action and investment in response to potential attacks. But Secure Coding allows developers and companies to forget about that and focus on maintaining and improving features or fixing bugs.

There is also greater productivity thanks to lower code rollback rates. That means fewer emergency code rollbacks due to unexpected bugs. Google claims that Rust offers less than half the code rollback rate of C++. Essentially, Secure Coding saves businesses and developers significant time and money. This can be very important in today’s industry where profitability is closely monitored.

Google has announced that it provides interoperability between “Rust ︎ C++ and Rust ︎ Kotlin.” The company has also provided both money and tools to support its approach. For example, Google gave $1,000,000 to the Rust Foundation to support its evolution. It has also provided its own interoperability tools, such as Crubit and autocxx.

How the Secure Coding approach makes software more secure

You might be wondering how an approach that still keeps memory-unsafe code can lead to an exponential decrease in memory safety vulnerabilities. Google explains this in a very technical way in their blog post , but I’ll try to simplify it for everyone.

USENIX Security and Google itself discovered an interesting phenomenon through extensive research. Essentially, the research concluded that the vast majority of memory vulnerabilities in software originate from new code. A significant portion also derives from recently modified code. Google also noticed that the density of Android memory vulnerabilities gradually decreases in older code.

Given that a significant portion of the problem comes from new code, it makes sense to focus on that, right? That’s the logic behind Google’s decision to adopt a Secure Coding approach. So why do more problems and vulnerabilities accumulate in new code? That’s because every programming language has a fundamental characteristic: maturity.

Although the fundamental structure of a language may make it memory unsafe, successive updates can help mitigate this. Therefore, in theory, unsafe code used in older parts of the software may become less vulnerable over time. By combining the maturation of older code with new features developed in new, natively memory-safe code, the result will be an exponential reduction in memory vulnerabilities.

Google recommends Rust as a memory-safe language

Of course, porting chunks of legacy code to languages ​​like Rust can make things even safer. However, that’s not always possible, at least not in a straightforward way. There are cases where moving a single block can bring down the entire castle. Google is adamant that Rust is a memory-safe programming language. So if you’re interested in programming or learning a new language to compete in today’s industry, Rust might be what you’re looking for.

Memory security vulnerabilities aren’t the only vulnerability. Malicious third parties will continue to look for ways to bypass the security layers of any software. However, having strong barriers “inside” software means that attackers will have to resort to more mundane and easily bypassed methods. For example, you can avoid becoming a phishing victim by simply using common sense.