Rust in Android: move fast and fix things
9 days ago
- #Android Development
- #Rust
- #Memory Safety
- In 2025, memory safety vulnerabilities in Android fell below 20% of total vulnerabilities for the first time.
- Rust adoption in Android has led to a 1000x reduction in memory safety vulnerability density compared to C and C++.
- Rust changes have a 4x lower rollback rate and spend 25% less time in code review, improving development efficiency.
- The DORA framework is used to evaluate software engineering performance, focusing on deployment frequency, lead time, change failure rate, and time to restore service.
- Rust code requires fewer revisions and less time in code review compared to C++, leading to productivity gains.
- Rust's low rollback rate improves overall development throughput and reduces disruptions.
- The Scudo hardened allocator in Android rendered a Rust-based memory safety vulnerability non-exploitable, demonstrating the effectiveness of defense-in-depth strategies.
- A new deep dive on unsafe code is being added to Comprehensive Rust training to improve developer understanding and practices.
- Rust's vulnerability density is estimated at 0.2 per million lines of code, a 1000x reduction compared to C and C++.
- Unsafe Rust blocks, while a concern, are empirically shown to be less buggy than C and C++ code.