Rust is already a favorite for Android development

Google recently unveiled the inclusion of the Rust programming language among the languages allowed for Android development.

The Rust compiler has been included in the Android source tree since 2019, but language support remained experimental. Some of the first Rust components to ship in Android are new implementations of the Binder interprocess communication mechanism and the Bluetooth stack.

Rust was introduced as part of a project to strengthen security, promote secure coding techniques and improve the efficiency of identifying memory-handling problems in Android. Around 70% of all the dangerous vulnerabilities identified in Android are caused by errors when working with memory.

Using the Rust language, which focuses on safe memory management and provides automatic memory management, will reduce the risk of vulnerabilities caused by memory-handling errors, such as accessing a memory area after it has been freed and overrunning buffer bounds.

Rust enforces memory safety at compile time by checking references and tracking object ownership and object lifetimes (scope), and by checking the correctness of memory accesses at run time.

Rust also provides protection against integer overflows, requires variables to be initialized before use, handles errors better in the standard library, makes references and variables immutable by default, and offers strong static typing to minimize logic errors.
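The following added example (not code from Android or from Google's post) shows the overflow and bounds checks described above applied to untrusted input. The record layout and the names `parse_record`, `make_record` and `ParseError` are hypothetical, and all sample inputs are constructed.

```rust
// Added example. Hypothetical record layout, all values constructed:
//   [offset: u32 LE][len: u32 LE][body bytes...]
// The record asks for body[offset .. offset + len].
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated,      // fewer than 8 header bytes
    LengthOverflow, // offset + len does not fit in u32
    OutOfBounds,    // requested range lies outside the body
}

pub fn parse_record(buf: &[u8]) -> Result<&[u8], ParseError> {
    // `get` returns None instead of reading past the end of the buffer.
    let header = buf.get(..8).ok_or(ParseError::Truncated)?;
    let offset = u32::from_le_bytes([header[0], header[1], header[2], header[3]]);
    let len = u32::from_le_bytes([header[4], header[5], header[6], header[7]]);
    // In C, a 32-bit `offset + len` wraps silently; checked_add reports it.
    let end = offset.checked_add(len).ok_or(ParseError::LengthOverflow)?;
    let (start, end) = (offset as usize, end as usize);
    let body = &buf[8..]; // cannot panic: the header check proved len >= 8
    body.get(start..end).ok_or(ParseError::OutOfBounds)
}

/// Builds a constructed sample record from header fields and body bytes.
pub fn make_record(offset: u32, len: u32, body: &[u8]) -> Vec<u8> {
    let mut v = Vec::new();
    v.extend_from_slice(&offset.to_le_bytes());
    v.extend_from_slice(&len.to_le_bytes());
    v.extend_from_slice(body);
    v
}

fn main() {
    let cases = [
        make_record(1, 3, b"xABCy"),      // well-formed
        make_record(0, 10, b"abc"),       // length runs past the end
        make_record(u32::MAX, 2, b"abc"), // offset + len wraps in u32
        vec![1, 2, 3],                    // header cut short
    ];
    for c in cases.iter() {
        println!("{:?}", parse_record(c));
    }
}
```

Each malformed record is rejected with a distinct error rather than causing a read outside the buffer.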

On Android, the already supported Kotlin and Java languages provide secure memory management, but they are not suitable for developing system components because of their heavy overhead.

Rust achieves performance close to that of C and C++, which allows it to be used to develop low-level parts of the platform and components that interface with the hardware.

To ensure the security of C and C++ code, Android uses sandbox isolation, static analysis, and fuzz testing. Sandbox isolation is limited and has reached the limit of its capabilities (further fragmentation into processes is not practical from a resource-consumption point of view).

Among the limitations of sandboxing, Google mentions the high overhead and higher memory consumption caused by the need to spawn new processes, as well as the additional latency associated with the use of IPC.

At the same time, the sandbox does not eliminate vulnerabilities in the code; it only reduces the risks and complicates an attack, since exploitation requires finding not one but several vulnerabilities.

Code testing methods are limited because detecting an error requires creating the conditions under which the problem manifests. It is not possible to cover all possible cases, so many errors go unnoticed.

For system processes on Android, Google adheres to the "rule of two", according to which any added code must not meet more than two of three conditions: working with unverified input data, using an insecure programming language (C/C++), and running without strict sandbox isolation (with elevated privileges).

It follows from this rule that code that processes external data must either be reduced to least privilege (isolated) or be written in a secure programming language.

Google does not aim to rewrite existing C/C++ code in Rust, but plans to use the language to develop new code.

It makes sense to use Rust for new code, since statistically most errors appear in new or recently modified code. In particular, around 50% of the memory errors detected in Android are found in code written less than a year ago.

Source: https://security.googleblog.com



  1.   Miguel Rodriguez said

    The irony, when your biggest competitor ends up adopting something you helped develop for your own purposes… Rust is on the rise.