To make Android more secure, Google recommends that developers use Rust to write system code


As a fairly complete mobile operating system, the Android system involves many components. Broadly speaking, it can be divided into two parts: the application ecosystem and the operating system itself. For developers, the programming language they choose will vary depending on the part of Android they are developing.

For application developers, Java and Kotlin are popular choices, while for developers working on the operating system and its low-level internals, C and C++ are popular choices. Today, Google has added a third choice for operating system developers: Rust. The Android Open Source Project now supports the Rust programming language for developing the operating system.

Limitations of C and C++

The lower layers of the Android system require systems programming languages such as C and C++. These languages provide developers with control and predictability, which is very important when accessing low-level system resources and hardware. Unfortunately, C and C++ do not provide memory safety guarantees, making them prone to errors and security vulnerabilities. It is the developer's responsibility to manage memory lifetimes in these languages, but this is easier said than done in complex and multi-threaded code bases.

C and C++ together make up tens of millions of lines of code on the Android platform. These memory safety vulnerabilities have become the most difficult source of code errors to fix, accounting for about 70% of Android's high-severity security vulnerabilities. Simply fixing these bugs has become insufficient to deal with the problem, and a better approach is to prevent these bugs in the first place.

The lack of memory safety guarantees forces developers to run Android processes in tightly constrained, unprivileged sandboxes. However, sandboxes are expensive in terms of resources: they add overhead and introduce latency. Sandboxes also cannot completely eliminate code vulnerabilities, and the high density of bugs reduces their effectiveness, because it allows attackers to chain multiple vulnerabilities.

Another limitation, which is not unique to C and C++ but applies to all memory safety issues, is that the error condition must actually be triggered in the instrumented code in order to be detected. So even if your code is well-tested, actual bugs may remain undetected. And when bugs are found, getting them fixed is another task, involving a long and expensive process that may not necessarily result in the correct fix. As a result, bug detection is unreliable, and given these limitations, bug prevention is a better approach.

Rust and its advantages

Rust provides memory safety guarantees by using a combination of compile-time and runtime checks to enforce object lifetime/ownership and ensure that memory accesses are efficient. This safety is achieved while providing performance comparable to C and C++. Rust also reduces the need for sandboxes, giving developers more headroom to introduce new features that are safer and lighter on resources.


While Rust does have its benefits, it's not feasible to switch the entire Android operating system to Rust overnight. And it may not be necessary at all, as most Android memory errors occur in new or recently modified code, with about 50% of code being less than a year old. Google believes that its work on memory-safe languages is best focused on new development rather than rewriting mature C and C++ code.

What switching to Rust means for Android

Rust also focuses on preventing bugs rather than relying heavily on detecting them, thereby improving the correctness of your code. It has several key features such as memory safety, data concurrency, a more expressive type system, immutable references and variables by default, safer integer handling, better error handling in the standard library, and more.
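The runtime bounds checks, checked integer arithmetic and explicit error handling mentioned above can be seen in a small parser for untrusted input. This is an added example, not code from Android or Google; the record layout and the names `payload`, `record` and `ParseError` are constructed for illustration.

```rust
// Constructed wire layout: [offset: u32 LE][len: u32 LE][body bytes...]
// `offset` and `len` are attacker-controlled and select a range inside the body.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    TooShort,       // header is incomplete
    LengthOverflow, // offset + len does not fit in a u32
    OutOfBounds,    // requested range lies outside the body
}

const HEADER: usize = 8;

fn read_u32_le(buf: &[u8], at: usize) -> Result<u32, ParseError> {
    // slice::get is bounds-checked and returns None instead of reading past the end.
    let b = buf.get(at..at + 4).ok_or(ParseError::TooShort)?;
    Ok(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}

// The returned slice borrows from `buf`: the compiler rejects any caller that
// frees or mutates `buf` while the result is still in use (no use-after-free).
pub fn payload(buf: &[u8]) -> Result<&[u8], ParseError> {
    let offset = read_u32_le(buf, 0)?;
    let len = read_u32_le(buf, 4)?;
    // In C, a 32-bit unsigned `offset + len` wraps silently and can pass a later
    // `end <= size` check. checked_add reports the overflow instead.
    let end = offset.checked_add(len).ok_or(ParseError::LengthOverflow)?;
    let body = buf.get(HEADER..).ok_or(ParseError::TooShort)?;
    body.get(offset as usize..end as usize)
        .ok_or(ParseError::OutOfBounds)
}

// Builds a constructed sample record for the demonstration below.
pub fn record(offset: u32, len: u32, body: &[u8]) -> Vec<u8> {
    let mut v = offset.to_le_bytes().to_vec();
    v.extend_from_slice(&len.to_le_bytes());
    v.extend_from_slice(body);
    v
}

fn main() {
    let cases = [(1u32, 3u32), (u32::MAX, 2), (0, 100)];
    for &(offset, len) in cases.iter() {
        let buf = record(offset, len, b"xabcd");
        println!("offset={} len={} -> {:?}", offset, len, payload(&buf));
    }
    println!("truncated header -> {:?}", payload(&[1, 2, 3]));
}
```

Every malformed input ends in an `Err` value the caller must handle, rather than in an out-of-bounds read.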

Google said it has been adding Rust support to the Android open source project for the past 18 months. But adding a new language to the Android platform is a huge undertaking. Some toolchains and dependencies need to be maintained, testing infrastructure and tools must be updated, and developers need to be trained.
