The share of Android vulnerabilities attributable to reminiscence questions of safety has dropped from 76% in 2019 to solely 24% in 2024, representing a large lower of over 68% in 5 years.
That is nicely beneath the 70% beforehand present in Chromium, making Android a wonderful instance of how a big challenge can steadily and methodically transfer to a protected territory with out breaking backward compatibility.
Google says it achieved this end result by prioritizing new code to be written in memory-safe languages like Rust, minimizing the introduction of latest flaws with time.
On the similar time, the previous code was maintained with minimal modifications targeted on vital security fixes fairly than performing in depth rewrites that will additionally undermine interoperability.
“Primarily based on what we have realized, it is develop into clear that we don’t must throw away or rewrite all our current memory-unsafe code,” reads Google’s report.
“As an alternative, Android is specializing in making interoperability protected and handy as a main functionality in our reminiscence security journey.”
This technique makes older code mature and turns into safer over time, lowering the variety of memory-related vulnerabilities in it no matter what language it was written in.
These two pillars within the Android constructing technique had a synergistic impact in direction of the dramatic lower of reminiscence flaws on this planet’s most generally used cell platform.
Google explains that, whereas it might appear dangerous to go away older code basically unchanged and although new code is anticipated to be higher examined and reviewed, the other is occurring, regardless of how counter-intuitive it might appear.
It’s because current code modifications introduce most flaws, so new code nearly at all times accommodates security issues. On the similar time, bugs in older code are ironed out until builders carry out in depth modifications to it.
Google says that the business, together with itself, has gone by way of 4 important phases in coping with reminiscence security flaws, summarized as follows:
- Reactive patching: Initially, the main target was on fixing vulnerabilities after they had been found. This strategy resulted in ongoing prices, with frequent updates wanted and customers remaining susceptible within the meantime.
- Proactive mitigations: The subsequent step was implementing methods to make exploits more durable (e.g., stack canaries, control-flow integrity). Nevertheless, these measures usually got here with efficiency trade-offs and led to a cat-and-mouse recreation with attackers.
- Proactive vulnerability discovery: This era concerned utilizing instruments like fuzzing and sanitizers to seek out vulnerabilities proactively. Whereas useful, this technique solely addressed signs, requiring fixed consideration and energy.
- Excessive-assurance prevention (Secure Coding): The most recent strategy emphasizes stopping vulnerabilities on the supply by utilizing memory-safe languages like Rust. This “safe by design” technique gives scalable and long-term assurance, breaking the cycle of reactive fixes and dear mitigations.
“Merchandise throughout the business have been considerably strengthened by these approaches, and we stay dedicated to responding to, mitigating, and proactively trying to find vulnerabilities,” defined Google.
“Having mentioned that, it has develop into more and more clear that these approaches aren’t solely inadequate for reaching a suitable stage of threat within the memory-safety area, however incur ongoing and growing prices to builders, customers, companies, and merchandise.
“As highlighted by quite a few authorities businesses, together with CISA, of their secure-by-design report, “solely by incorporating safe by design practices will we break the vicious cycle of continually creating and making use of fixes.”
Final June, the U.S. Cybersecurity and Infrastructure Safety Company (CISA) warned that 52% of probably the most broadly used open-source initiatives use memory-unsafe languages.
Even initiatives written in memory-safe languages usually rely on elements written in memory-unsafe languages, so the security threat is difficult to deal with.
CISA beneficial that software program builders write new code in memory-safe languages similar to Rust, Java, and GO and transition current initiatives, particularly essential elements, to these languages.