Google today says it is encouraging developers to move to memory-safe programming languages such as Java, Kotlin, and Rust, but is also attempting to improve the safety of C and C++. These are part of its efforts to harden Android and protect the OS against malware and exploits.
"C and C++ do not provide memory safety the way that languages like Java, Kotlin, and Rust do. Given that the majority of security vulnerabilities reported to Android are memory safety issues, a two-pronged approach is applied: improving the safety of C/C++ while also encouraging the use of memory safe languages," Google says in a blog post from the Android Security & Privacy Team.
According to Google, its efforts to harden the media server framework in Android meant that in 2020 it received not a single report of remotely exploitable critical vulnerabilities in Android media frameworks.
Google also details some of the security and performance trade-offs its engineers weigh up when considering which additional mitigations to add to Android. The decision is complicated by the need for Android to support cheap Android phones.
Beyond memory-safe languages, some of the mitigations in Android include sandboxing, Address Space Layout Randomization (ASLR), Control Flow Integrity (CFI), Stack Canaries, and Memory Tagging.
"Adding too much overhead to some components or the entire system can negatively impact user experience by reducing battery life and making the device less responsive. This is especially true for entry-level devices, which should benefit from hardening as well. We thus want to prioritize engineering efforts on impactful mitigations with acceptable overheads," Google notes.