Google announced Rust support for Android development

On April 6, Google announced that the Android Open Source Project (AOSP) now supports the Rust language for development of its mobile operating system. The announcement is part of the company's efforts to address memory safety issues in the operating system.

According to Google, memory safety flaws often threaten device security, especially for applications and operating systems. For example, in the Android mobile operating system, Google says it found that more than half of the security vulnerabilities addressed in 2019 were the result of memory safety bugs.

This is despite considerable efforts by the company and other contributors to the Android Open Source Project to invest in or invent various technologies, including AddressSanitizer, improved memory allocators, and numerous fuzzers and other tools to verify code.

"In addition to memory-safe languages such as Kotlin and Java, we are pleased to announce that the Android open source project now supports the Rust programming language for Android operating system development," Google said on its blog.

“We invest a lot of effort and resources in detecting, correcting and mitigating this category of errors, and these efforts are effective in preventing a large number of errors from ending up in different versions of Android. However, despite these efforts, memory security bugs continue to be a leading cause of stability issues, consistently accounting for around 70% of high-severity Android security vulnerabilities,” Google said.

The overall approach to Android security is multifaceted and based on several principles and techniques to achieve data-driven solutions that make malicious exploitation more difficult. Earlier this year, Google reported that the Android platform team was working hard to protect its mobile operating system.

Google uses a variety of sources to determine which areas of the platform would benefit the most from security mitigation measures. The Android Vulnerability Rewards program is a very informative source: security engineers analyze all vulnerabilities submitted under this program to determine the root cause of each vulnerability and its severity.

The lower levels of the operating system require systems programming languages like C, C++, and Rust. These languages are designed with control and predictability as goals. They provide access to low-level hardware and system resources.

They use resources efficiently and have more predictable performance characteristics, since with C and C++, for example, the developer is responsible for managing the lifetime of memory. Unfortunately, it's easy to make mistakes when doing this, especially in complex, multithreaded code bases.

According to Google, Rust provides memory safety guarantees by using a combination of compile-time checks to enforce the lifetime and ownership of objects and run-time checks to ensure that memory accesses are valid. This safety is obtained while offering performance equivalent to that of C and C++.
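The two mechanisms described above, shown as an added example (not code from Google or AOSP); `Buffer`, `consume` and the other names are hypothetical, and the sample data is constructed:

```rust
use std::cell::Cell;
use std::panic;
use std::rc::Rc;

// Hypothetical buffer that counts how many times it is freed.
struct Buffer {
    data: Vec<u8>,
    frees: Rc<Cell<u32>>,
}

impl Drop for Buffer {
    fn drop(&mut self) {
        self.frees.set(self.frees.get() + 1);
    }
}

// Takes ownership of `buf`; it is freed once, when this function returns.
fn consume(buf: Buffer) -> usize {
    buf.data.len()
}

// Compile-time side: after the move the caller cannot touch `buf` again,
// so there is no use-after-free and no double free.
fn ownership_demo() -> u32 {
    let frees = Rc::new(Cell::new(0));
    let buf = Buffer { data: vec![0u8; 16], frees: Rc::clone(&frees) };
    let _len = consume(buf);
    // let _ = buf.data[0]; // rejected at compile time: use of moved value (E0382)
    frees.get() // number of frees observed so far
}

// Run-time side: checked access yields None instead of an out-of-bounds read.
fn checked_read(data: &[u8], index: usize) -> Option<u8> {
    data.get(index).copied()
}

// Plain indexing is bounds-checked too: a bad index panics (the default panic
// message goes to stderr) rather than reading adjacent memory.
fn index_panics(data: &[u8], index: usize) -> bool {
    panic::catch_unwind(|| data[index]).is_err()
}

fn main() {
    let sample = [10u8, 20, 30]; // constructed sample data
    println!("frees after move: {}", ownership_demo());
    println!("in bounds: {:?}", checked_read(&sample, 1));
    println!("past the end: {:?}", checked_read(&sample, 3));
    println!("indexing past the end panics: {}", index_panics(&sample, 3));
}
```

Uncommenting the marked line in `ownership_demo` makes the build fail, which is the compile-time half of the guarantee; the equivalent C code would compile and read freed memory.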

Google believes that memory-safe languages like Rust are "the most cost-effective way to prevent memory errors" in the bootloader, fastboot, kernel, and other low-level parts of the operating system.

Languages like Java and Kotlin are the best option for developing Android applications. These languages are designed for ease of use, portability, and security. The Android Runtime (ART) manages memory on behalf of the developer.

The Android operating system makes extensive use of Java, which effectively protects much of the Android platform from memory errors. Unfortunately, Java and Kotlin are not suitable for the lower layers of the operating system.

Finally, if you are interested in knowing more about the announcement, you can consult the details at the following link.

