Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.
  • Residence:
  • County:
  • Country:
Cyber Security Incident Response
Management & Architecture of Cyber Security Teams
Solutions & Coaching
  • Cyber Security Incident Response
  • Management & Architecture of Cyber Security Teams
  • Solutions
  • Training & Coaching

Android to Support Rust Programming Language to Prevent Memory Flaws

April 7, 2021
android rust programming

Google on Tuesday introduced that its open supply model of the Android working system will add help for Rust programming language in a bid to forestall reminiscence security bugs.

To that finish, the corporate has been constructing elements of the Android Open Supply Undertaking (AOSP) with Rust for the previous 18 months, with plans within the pipeline to scale this initiative to cowl extra features of the working system.

“Managed languages like Java and Kotlin are the most suitable choice for Android app improvement,” Google said. “The Android OS makes use of Java extensively, successfully defending giant parts of the Android platform from reminiscence bugs. Sadly, for the decrease layers of the OS, Java and Kotlin should not an choice.”

password auditor

Stating that code written in C and C++ languages requires sturdy isolation when parsing untrustworthy enter, Google stated the strategy of containing such code inside a tightly constrained and unprivileged sandbox might be costly, inflicting latency points and extra reminiscence utilization.

With reminiscence security bugs in C and C++ constituting about 70% of Android’s high severity security vulnerabilities, the thought is to change to a memory-safe language like Rust and stop them from taking place within the first place.

“Rust supplies reminiscence security ensures by utilizing a mixture of compile-time checks to implement object lifetime/possession and runtime checks to make sure that reminiscence accesses are legitimate,” Google famous.

password auditor

Regardless of the apparent advantages, Google does not intend to rewrite all of its present C and C++ code within the underlying OS, as an alternative focusing its memory-safe language efforts on new or not too long ago modified code which have the next probability of reminiscence bugs.

A few of Google’s ongoing efforts with Rust embody an entire rewrite of Android’s Bluetooth stack, dubbed Gabeldorsche, which it started testing beginning with Android 11 final yr. Additionally within the works is a Rust-based network stack for its open-source Fuchsia working system.

Posted in SecurityTags:
Write a comment