For the past few years, Google has been encouraging developers to write Android apps with Kotlin. The underlying OS still uses C and C++, though Google today announced Android Open Source Project (AOSP) support for Rust.
This is part of Google’s work to address memory safety bugs in the operating system:
We invest a great deal of effort and resources into detecting, fixing, and mitigating this class of bugs, and these efforts are effective in preventing a large number of bugs from making it into Android releases. Yet in spite of these efforts, memory safety bugs continue to be a top contributor of stability issues, and consistently represent ~70% of Android’s high severity security vulnerabilities.
The company believes that memory-safe languages, like Rust, are the “most cost-effective means for preventing memory bugs” in the bootloader, fastboot, kernel, and other low-level parts of the OS. Unlike C and C++, where developers manage memory lifetime, Rust “provides memory safety guarantees by using a combination of compile-time checks to enforce object lifetime/ownership and runtime checks to ensure that memory accesses are valid.” Google has been working to add this support to AOSP for the past 18 months.
Performance is equivalent to the existing languages, while increasing the effectiveness of current sandboxing and reducing the overall need for it. This allows for “new features that are both safer and lighter on resources.” Other improvements include data concurrency, a more expressive type system, and safer integer handling.
As for existing code, Google is focusing more on new Rust development rather than rewriting mature code. This comes as most “memory bugs occur in new or recently modified code, with about 50% being less than a year old.”
The comparative rarity of older memory bugs may come as a surprise to some, but we’ve found that old code is not where we most urgently need improvement. Software bugs are found and fixed over time, so we would expect the number of bugs in code that is being maintained but not actively developed to go down over time.
Google will share a few early adopter projects in the coming months, with scaling Rust to more parts of Android being a “multi-year project.”
FTC: We use income earning auto affiliate links. More.