To make Android more secure, Google recommends that developers use Rust to write system code


As a fairly complete mobile operating system, the Android system involves many components. Broadly speaking, it can be divided into two parts: the application ecosystem and the operating system itself. For developers, the programming language they choose will vary depending on the part of Android they are developing.

For application developers, Java and Kotlin are popular choices, while for developers working on the operating system and its low-level internals, C and C++ are popular choices. Today, Google has added a third choice for operating system developers, Rust: the Android Open Source Project now supports the Rust programming language for developing the operating system.

Limitations of C and C++

The underlying layer of the Android system requires system programming languages such as C and C++. These languages give developers control and predictability, which is very important when accessing low-level system resources and hardware. Unfortunately, C and C++ do not provide memory safety guarantees, making them prone to errors and security vulnerabilities. In these languages it is the developer's responsibility to manage memory lifetimes, but this is easier said than done in complex, multi-threaded code bases.

C and C++ together make up tens of millions of lines of code on the Android platform. These memory safety vulnerabilities have become the most difficult source of code errors to fix, accounting for about 70% of Android's high-severity security vulnerabilities. Simply fixing these bugs has become insufficient to deal with the problem, and a better approach is to prevent these bugs in the first place.

The lack of memory safety guarantees forces developers to run Android processes in a tightly constrained, unprivileged sandbox. However, sandboxes are expensive in terms of resources: they consume additional overhead and introduce latency. Nor can sandboxes completely eliminate code vulnerabilities, and the high density of bugs reduces their effectiveness further by allowing attackers to chain multiple vulnerabilities.

Another limitation, which is not unique to C and C++ but applies to all memory safety issues, is that the error condition must actually be triggered in instrumented code in order to be detected. So even well-tested code may contain bugs that remain undetected. And when bugs are found, getting them fixed is another task, involving a long and expensive process that does not necessarily result in the correct fix. As a result, bug detection becomes unreliable, and given these limitations, bug prevention is a better approach.

Rust and its advantages

Rust provides memory safety guarantees by using a combination of compile-time and runtime checks to enforce object lifetime/ownership and ensure that memory accesses are efficient. This safety is achieved while providing performance comparable to C and C++. Rust also reduces the need for sandboxes, leaving developers more headroom to introduce new features that are safer and lighter.


While Rust does have its benefits, it's not feasible to switch the entire Android operating system to Rust overnight. And it may not be necessary at all, as most Android memory errors occur in new or recently modified code, with about 50% of code being less than a year old. Google believes that its work on memory-safe languages is best focused on new development rather than rewriting mature C and C++ code.

What switching to Rust means for Android

Rust also focuses on preventing bugs rather than relying heavily on detecting them, thereby improving the correctness of your code. It has several key features such as memory safety, data concurrency, a more expressive type system, immutable references and variables by default, safer integer handling, better error handling in the standard library, and more.
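The features listed above (runtime bounds checks, safer integer handling, error handling through `Result`, and borrow-checked lifetimes) can be seen together in a small parser for untrusted input. This is an added example, not code from Google or the Android Open Source Project; the record layout, the names `payload`, `record`, `le_u32` and `ParseError`, and the sample bytes are all constructed for illustration.

```rust
// Added example: record layout, names and sample bytes are constructed here.
// Layout: [offset: u32 LE][len: u32 LE][body...]; offset counts from byte 0.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated,      // header or payload extends past the end of the buffer
    LengthOverflow, // offset + len does not fit in u32
}

fn le_u32(b: &[u8]) -> u32 {
    u32::from_le_bytes([b[0], b[1], b[2], b[3]])
}

/// Returns the payload the header points at. The slice borrows from `buf`,
/// so the compiler rejects callers that free `buf` while still using it.
pub fn payload(buf: &[u8]) -> Result<&[u8], ParseError> {
    // `get` is a runtime bounds check: None instead of an out-of-bounds read.
    let header = buf.get(..8).ok_or(ParseError::Truncated)?;
    let offset = le_u32(&header[..4]);
    let len = le_u32(&header[4..]);
    // In C, `offset + len` on uint32_t wraps silently and a later
    // `end <= buf_len` test passes; checked_add reports the overflow.
    let end = offset.checked_add(len).ok_or(ParseError::LengthOverflow)?;
    buf.get(offset as usize..end as usize).ok_or(ParseError::Truncated)
}

/// Builds a constructed sample record for the demo and tests.
pub fn record(offset: u32, len: u32, body: &[u8]) -> Vec<u8> {
    let mut v = offset.to_le_bytes().to_vec();
    v.extend_from_slice(&len.to_le_bytes());
    v.extend_from_slice(body);
    v
}

fn main() {
    let samples = vec![
        record(8, 3, b"abc"),              // well-formed
        record(0xFFFF_FFF8, 0x10, b"abc"), // sum wraps to 8 in 32-bit C arithmetic
        record(8, 100, b"abc"),            // length runs past the buffer
    ];
    for rec in &samples {
        println!("{:?}", payload(rec));
    }
}
```

Plain indexing such as `buf[a..b]` performs the same bounds check but panics on failure; `get` is used here so that malformed input becomes an error value the caller must handle.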

Google said it has been adding Rust support to the Android open source project for the past 18 months. But adding a new language to the Android platform is a huge undertaking. Some toolchains and dependencies need to be maintained, testing infrastructure and tools must be updated, and developers need to be trained.
