
Google to Slash Android Memory Flaws by 84% in 2024

Google is balancing new memory-safe languages like Rust with improvements to older code in C and C++.

Google is taking a two-pronged approach to make its Android code safer by balancing memory-safe programming languages with making older, less secure ones more reliable. Memory-related bugs are responsible for most of the security problems in software, and Google’s latest plan aims to change that. While it’s already pushing new languages like Rust, the company knows it can’t ignore C and C++, which are deeply embedded in its codebases.

For years now, Google has been pushing to make programming safer by using languages that handle memory better. But simply rewriting all the old code isn’t possible – there’s too much of it, and it’s not going anywhere soon. Instead, Google is focused on patching existing C++ and C code to make it harder to exploit.

Old Languages Stay, But Not Without Fixes

Older code written in C and C++ is sticking around for the foreseeable future, but Google is working hard to make sure it doesn’t become a liability. Google engineers have mentioned that, although they’re moving forward with languages like Rust, it’s impossible to throw away the past.

They’re adding more checks and safety measures into their older code. For instance, by introducing bounds-checking into the C++ standard library, they’re reducing memory errors. These measures will run across Google’s vast workload, making even well-aged code less risky.

Memory Safety Problems: Why It Matters

Memory bugs are no small problem. When software tries to access memory incorrectly, it opens the door for vulnerabilities. This is where Google’s work comes in. Many cyberattacks take advantage of these memory flaws, making it a high priority for tech companies to fix. Google revealed that around 75% of zero-day exploits stem from memory safety issues. So, it’s no surprise that it’s trying to crack down on this.

One of the biggest shifts Google is making is embracing languages like Rust, which are inherently safer when it comes to memory management. Rust is already in use for parts of Android, and Google plans to extend it to other areas where speed and safety are key. These new languages prevent memory bugs by design, which is why Google is so keen on expanding their usage.

One of the primary drivers for Rust adoption is its built-in memory safety features. Rust’s design prevents common programming errors that can lead to security vulnerabilities, particularly memory-related issues. This is especially important for companies developing large-scale systems and infrastructure. At the same time, Rust offers performance comparable to languages like C and C++, making it suitable for systems programming and other performance-critical applications.

Microsoft has also been shifting towards Rust for a while now, using it for the Windows 11 kernel and core services in Microsoft 365 instead of C#.

Google isn’t stopping at just new code. Its engineers are working on making old code safer, too. This includes efforts like Chrome’s MiraclePtr, which has already reduced use-after-free vulnerabilities by more than 50%. They’re also diving into hardware-level fixes with features like Memory Tagging Extension (MTE).

Fixing Problems, Old and New

Fixing memory safety isn’t just about writing new code in new languages. Google is also addressing the flaws in older software, even if it means adding patches to legacy code. These updates might not make C++ perfectly safe, but they reduce the risks significantly.

While shifting to memory-safe languages is the future, Google knows it can’t afford to ignore the vast amounts of existing code that still run the world. To protect billions of users, it’s introducing mitigations that reduce the likelihood of vulnerabilities in its older systems.

Google’s goal is clear: push new, safer languages and secure the old ones. The company has already started rolling out safety fixes across its vast network of services and devices. With languages like Rust, Java, and Kotlin taking on more of the work, it’s hoping to prevent security risks before they arise.

Last Updated on November 7, 2024 2:27 pm CET

Source: Google
Markus Kasanmascheff
Markus has been covering the tech industry for more than 15 years. He holds a Master's degree in International Economics and is the founder and managing editor of Winbuzzer.com.
