This week, Google developers announced that Android will receive support for the Rust language, as it is more secure and will prevent memory errors from occurring. To achieve this, Google engineers spent 18 months working on various parts of the Android Open Source Project (AOSP) using Rust, and now the initiative is being scaled up to cover more aspects of the OS.
“Managed languages like Java and Kotlin are the best choice for developing Android applications. The Android OS makes extensive use of Java, effectively protecting large parts of the Android platform from memory errors. But, unfortunately, Java and Kotlin are not suitable for lower OS levels, ”the company says.
The fact is that code written in C and C ++ requires good isolation when parsing untrusted input data, and "containment" of such code in a tightly limited and unprivileged sandbox can be very difficult, as well as cause various problems and additional memory use.
Additionally, C and C ++ memory security bugs are known to account for approximately 70% of serious Android vulnerabilities . Therefore, in the end, to prevent such problems from occurring, it was decided to switch to a safer language like Rust.
However, Google developers do not intend to rewrite all existing code in C and C ++, instead they will focus their efforts on recently changed code, where errors related to memory are more likely to occur. In particular, Gabeldorsche's Bluetooth stack will be completely rewritten on Rust, and a network stack for the Fuchsia open source operating system is already under development.