• Google says Rust is the key to cutting Android vulnerabilities

    From TechnologyDaily@1337:1/100 to All on Mon Dec 5 20:30:03 2022
    Google says Rust is the key to cutting Android vulnerabilities

    Date:
    Mon, 05 Dec 2022 20:19:46 +0000

    Description:
    High-severity flaws are on the decline since Google introduced Rust into Android.

    FULL STORY ======================================================================

    The Rust programming language is the key to making the Android operating system safer, Google's engineers have claimed.

    In a blog post published by Android security engineer Jeffrey Vander Stoep, the Googler says the number of severe memory vulnerabilities has significantly dropped in the last three years and suggests it's all thanks to the OS moving away from memory-unsafe programming languages, C and C++.

    Three years ago, the majority (65%) of Android bugs were either high-severity or critical-severity memory safety bugs (think out-of-bounds read and write flaws, for example). Since then, Google has been steadily writing new Rust code and adding it to Android (as opposed to simply improving existing code). Now, the number of these flaws has dropped significantly, and they're no longer the biggest issue plaguing the mobile OS. Less severe vulnerabilities in a constant

    "From 2019 to 2022 the annual number of memory safety vulnerabilities dropped from 223 down to 85," Vander Stoep explains.

    With Android 12 (released in early October 2021), the OS became a Rust-first product, he said. And while memory safety bugs have declined thanks to the
    use of the novel programming language, other forms of vulnerabilities have remained steady at roughly 20 new flaws discovered every month. However,
    these flaws are not as severe as memory safety bugs.

    But this doesn't mean Google is giving up on C and C++ completely. The company will continue to invest in tools to write safer C and C++ code, Vander Stoep said, mentioning the Scudo hardened allocator, HWASAN, GWP-ASAN, and KFENCE on Android devices. He also said Google increased its use of fuzzing.

    So far, Rust has been pretty reliable, but Vander Stoep knows this might change in the future: "To date, there have been zero memory safety vulnerabilities discovered in Android's Rust code," he concluded. "We don't expect that number to stay zero forever, but given the volume of new Rust code across two Android releases, and the security-sensitive components where it's being used, it's a significant result."

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/google-says-rust-is-the-key-to-cutting-android-vulnerabilites


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)