Just last month, we saw the first baby steps toward the adoption of the memory-managed Rust programming language into the Linux kernel. Google has apparently been thinking along the same lines and, in a lengthy blog post, announced that the Android Open Source Project now supports Rust for low-level OS components.
The Android team does a ton of work pushing Kotlin and Java for app developers, but those languages rely on the Android Runtime (ART) in order to function. You can’t write anything lower-level than ART in Java, since there would be no runtime environment to run it on. In the past, Google has typically used C or C++, but neither of these are memory-managed languages though, and that opens Android up to memory leaks and buffer overflows.
Google lays out the benefits of Rust over C/C++, saying “Rust provides memory safety guarantees by using a combination of compile-time checks to enforce object lifetime/ownership and runtime checks to ensure that memory accesses are valid. This safety is achieved while providing equivalent performance to C and C++.” In line with similar stats that Microsoft has published, Google’s blog post says “memory safety bugs continue to be a top contributor of stability issues, and consistently represent ~70% of Android’s high severity security vulnerabilities.”