The share of Android vulnerabilities attributable to reminiscence questions of safety has dropped from 76% in 2019 to solely 24% in 2024, representing a large lower of over 68% in 5 years.
That is properly beneath the 70% beforehand present in Chromium, making Android a wonderful instance of how a big mission can steadily and methodically transfer to a secure territory with out breaking backward compatibility.
Google says it achieved this end result by prioritizing new code to be written in memory-safe languages like Rust, minimizing the introduction of recent flaws with time.
On the identical time, the outdated code was maintained with minimal adjustments centered on essential safety fixes fairly than performing in depth rewrites that may additionally undermine interoperability.
“Based on what we’ve learned, it’s become clear that we do not need to throw away or rewrite all our existing memory-unsafe code,” reads Google’s report.
“Instead, Android is focusing on making interoperability safe and convenient as a primary capability in our memory safety journey.”
Supply: Google
This technique makes older code mature and turns into safer over time, decreasing the variety of memory-related vulnerabilities in it no matter what language it was written in.
These two pillars within the Android constructing technique had a synergistic impact in the direction of the dramatic lower of reminiscence flaws on this planet’s most generally used cell platform.
Google explains that, whereas it could appear dangerous to depart older code primarily unchanged and although new code is anticipated to be higher examined and reviewed, the other is occurring, regardless of how counter-intuitive it could appear.
It’s because latest code adjustments introduce most flaws, so new code virtually all the time comprises safety issues. On the identical time, bugs in older code are ironed out until builders carry out in depth adjustments to it.
Supply: Google
Google says that the trade, together with itself, has gone by way of 4 fundamental phases in coping with reminiscence security flaws, summarized as follows:
- Reactive patching: Initially, the main target was on fixing vulnerabilities after they had been found. This method resulted in ongoing prices, with frequent updates wanted and customers remaining susceptible within the meantime.
- Proactive mitigations: The following step was implementing methods to make exploits more durable (e.g., stack canaries, control-flow integrity). Nonetheless, these measures typically got here with efficiency trade-offs and led to a cat-and-mouse recreation with attackers.
- Proactive vulnerability discovery: This technology concerned utilizing instruments like fuzzing and sanitizers to search out vulnerabilities proactively. Whereas useful, this methodology solely addressed signs, requiring fixed consideration and energy.
- Excessive-assurance prevention (Secure Coding): The most recent method emphasizes stopping vulnerabilities on the supply by utilizing memory-safe languages like Rust. This “safe by design” methodology gives scalable and long-term assurance, breaking the cycle of reactive fixes and expensive mitigations.
“Products across the industry have been significantly strengthened by these approaches, and we remain committed to responding to, mitigating, and proactively hunting for vulnerabilities,” defined Google.
“Having stated that, it has turn into more and more clear that these approaches should not solely inadequate for reaching a suitable stage of danger within the memory-safety area, however incur ongoing and rising prices to builders, customers, companies, and merchandise.
“As highlighted by quite a few authorities businesses, together with CISA, of their secure-by-design report, “solely by incorporating safe by design practices will we break the vicious cycle of regularly creating and making use of fixes.”
Final June, the U.S. Cybersecurity and Infrastructure Safety Company (CISA) warned that 52% of probably the most extensively used open-source tasks use memory-unsafe languages.
Even tasks written in memory-safe languages typically rely on parts written in memory-unsafe languages, so the safety danger is sophisticated to handle.
CISA advisable that software program builders write new code in memory-safe languages reminiscent of Rust, Java, and GO and transition present tasks, particularly essential parts, to these languages.
