Rust Language Helps Android Memory Safety Vulnerabilities Drop Below 20% for the First Time

Google has disclosed that, with the ongoing adoption of the Rust programming language in Android, memory safety vulnerabilities have for the first time dropped below 20% of the total vulnerabilities.

“We chose Rust for safety reasons, as it has achieved a 1000-fold reduction in memory safety vulnerability density compared to C and C++ code in Android. But the biggest surprise is the improvement in software delivery efficiency,” said Google engineer Jeff Vander Stoep. “The rollback rate for code changes using Rust has decreased by four times, and code review time has been reduced by 25%. A safer solution is now also more efficient.”

This progress comes more than a year after Google announced its shift to Rust, a move under which the number of memory safety vulnerabilities in Android fell from 223 in 2019 to fewer than 50 in 2024.

Significant Improvement in Development Efficiency

Google pointed out that Rust changes need about 20% fewer revisions than comparable C++ changes and are rolled back significantly less often, which raises overall development throughput. The company also plans to extend Rust’s “safety and productivity advantages” to other parts of the Android ecosystem, including the kernel, firmware, and key first-party components such as Nearby Presence, Messaging Layer Security (MLS), and Chromium, which has already replaced its PNG, JSON, and web font parsers with memory-safe implementations written in Rust.


The Importance of a Defense-in-Depth Strategy

Google emphasizes the need for a defense-in-depth strategy, noting that the memory safety built into a programming language is only one part of a comprehensive memory safety strategy. As an example, Google found a memory safety vulnerability (CVE-2025-48530, CVSS score: 8.1) in CrabbyAVIF, an AVIF image parser/decoder in which the affected code is written in unsafe Rust, that could have led to remote code execution. Although this linear buffer overflow never made it into a public release, Google fixed it in the August 2025 Android security update.

Collaborative Protection of Security Mechanisms

Further analysis of this “near miss” showed that Scudo, Android’s user-mode dynamic memory allocator, prevented the bug from being exploited. Scudo is designed to guard against heap-related vulnerabilities such as buffer overflows, use-after-free, and double-free without sacrificing performance; it is a mitigation layer beneath the language, so it catches corruption that the compiler cannot rule out. Google emphasizes that unsafe Rust is “already quite safe,” with a vulnerability density still far below that of C and C++. An `unsafe` block does not switch off the language’s safety checks: ordinary Rust code inside the block remains bounds-checked and type-checked, and only the specific operations `unsafe` permits (such as dereferencing raw pointers or calling unsafe functions) are left for the programmer to verify.

“While C and C++ will continue to exist, and software and hardware security mechanisms remain crucial for layered defense, the transition to Rust demonstrates a different path: safer solutions have also proven to be more efficient,” Google concluded.
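The following Rust program is an added example, not code from Google, CrabbyAVIF, or the Android project, illustrating the two points above: an `unsafe` block leaves ordinary bounds checks in place, and the only operations it actually exempts from checking are raw-pointer ones, which is where a decoder's "linear buffer overflow" lives when a precondition is missed. The `Plane` type, the row-copy functions, and the inputs are constructed for illustration and do not reflect the shape of CVE-2025-48530; the allocator-level protection that Scudo adds is a separate layer and is not modeled here.

```rust
use std::panic;
use std::ptr;

/// One image plane, standing in for the buffer an image decoder fills row by row.
/// Constructed for this example; it is not CrabbyAVIF's data structure.
pub struct Plane {
    pub width: usize,
    pub height: usize,
    pub pixels: Vec<u8>,
}

impl Plane {
    /// Allocates width*height bytes, refusing geometry whose product overflows usize
    /// (an attacker-controlled header must not be able to shrink the allocation).
    pub fn new(width: usize, height: usize) -> Result<Plane, &'static str> {
        let len = width.checked_mul(height).ok_or("plane size overflows usize")?;
        Ok(Plane { width, height, pixels: vec![0; len] })
    }
}

/// Ordinary slice indexing inside an `unsafe {}` block is still bounds-checked.
/// `unsafe` only permits extra operations (raw-pointer dereference, calling unsafe
/// fns); it does not switch off the checks on safe code. An out-of-range index
/// therefore panics (the default hook prints the panic to stderr); the panic is
/// caught here and reported as Err so the behaviour can be observed.
#[allow(unused_unsafe)]
pub fn index_inside_unsafe(data: &[u8], i: usize) -> Result<u8, &'static str> {
    panic::catch_unwind(|| unsafe {
        // No unsafe operation is performed; the block changes nothing here.
        data[i]
    })
    .map_err(|_| "bounds check fired inside unsafe block")
}

/// Row copy through a raw pointer, the kind of thing unsafe Rust in a decoder does
/// for speed. `copy_nonoverlapping` is the one step the compiler cannot check: if
/// the geometry check below were wrong or missing, a row longer than the plane
/// width would be a linear heap overflow (undefined behaviour). Every precondition
/// is therefore validated before entering the unsafe block.
pub fn write_row_raw(plane: &mut Plane, row: usize, src: &[u8]) -> Result<(), &'static str> {
    if row >= plane.height {
        return Err("row index out of range");
    }
    if src.len() != plane.width {
        return Err("row length does not match plane width");
    }
    // row < height and pixels.len() == width * height, so offset + width <= pixels.len().
    let offset = row * plane.width;
    unsafe {
        let dst = plane.pixels.as_mut_ptr().add(offset);
        ptr::copy_nonoverlapping(src.as_ptr(), dst, src.len());
    }
    Ok(())
}

/// The same copy in safe Rust: the range index carries its own bounds check and
/// `copy_from_slice` its own length check, so there is no precondition to forget.
pub fn write_row_safe(plane: &mut Plane, row: usize, src: &[u8]) -> Result<(), &'static str> {
    let start = row.checked_mul(plane.width).ok_or("offset overflows usize")?;
    let end = start.checked_add(plane.width).ok_or("offset overflows usize")?;
    let dst = plane.pixels.get_mut(start..end).ok_or("row index out of range")?;
    if dst.len() != src.len() {
        return Err("row length does not match plane width");
    }
    dst.copy_from_slice(src);
    Ok(())
}

fn main() {
    let data = [10u8, 20, 30];
    println!("{:?}", index_inside_unsafe(&data, 1)); // Ok(20)
    println!("{:?}", index_inside_unsafe(&data, 3)); // Err: check fired despite `unsafe`

    let mut plane = Plane::new(4, 2).unwrap();
    println!("{:?}", write_row_raw(&mut plane, 1, &[9, 9, 9, 9])); // Ok(())
    println!("{:?}", write_row_raw(&mut plane, 0, &[1, 2, 3, 4, 5])); // Err: rejected before the raw copy
    println!("{:?}", write_row_safe(&mut plane, 2, &[1, 2, 3, 4])); // Err: row out of range
    println!("{:?}", plane.pixels);
}
```

The practical reading for a reviewer of unsafe Rust: audit effort goes to the lines inside `unsafe {}` that perform raw-pointer arithmetic or copies, and to the checks that must hold before them; the safe code around them keeps its guarantees regardless of the block.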

References:

Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time

https://thehackernews.com/2025/11/rust-adoption-drives-android-memory.html
