In a significant shift for Android OS development, the Android Open Source Project (AOSP) has officially adopted the Rust programming language to help prevent memory-related bugs. Traditionally, development tasks in Android OS have relied heavily on C and C++, which, while offering performance benefits, are also notorious for introducing memory safety issues. With Rust now integrated into the Android development ecosystem, the goal is to reduce these risks and improve the overall security, stability, and quality of the platform.
The Android team emphasized that ensuring the correctness of code has become a top priority, especially given that memory safety bugs are responsible for around 70% of high-severity security vulnerabilities in Android. These types of issues are particularly challenging to resolve in C and C++, as developers must manually manage memory lifecycles, making it easy to introduce errors. Rust, on the other hand, offers compile-time checks that enforce object lifetime, ensuring memory accesses are valid and reducing the likelihood of such bugs. Notably, Rust accomplishes this with performance that rivals that of C and C++, making it a strong contender for low-level Android development tasks.
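The compile-time lifetime checks described above, shown in an added Rust example that is not code from AOSP or the Android team: a zero-copy parser for a constructed tag/length/value format, where `Record`, `parse_records` and `ParseError` are hypothetical names. A length field that overruns the buffer yields an error instead of an out-of-bounds read, and the parsed records cannot outlive the input they borrow from.

```rust
// Added illustration. The record format (1-byte tag, 1-byte length, value)
// and all names here are constructed for this example.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated { offset: usize },
}

/// A record that borrows its value from the input buffer. The lifetime 'a
/// ties every Record to that buffer, so the compiler rejects code that
/// frees or mutates the buffer while a Record is still in use.
#[derive(Debug, PartialEq)]
pub struct Record<'a> {
    pub tag: u8,
    pub value: &'a [u8],
}

/// Parse tag/length/value records from untrusted bytes without copying.
pub fn parse_records(input: &[u8]) -> Result<Vec<Record<'_>>, ParseError> {
    let mut records = Vec::new();
    let mut offset = 0;
    while offset < input.len() {
        // slice::get returns None instead of reading out of bounds.
        let header = input
            .get(offset..offset + 2)
            .ok_or(ParseError::Truncated { offset })?;
        let (tag, len) = (header[0], header[1] as usize);
        let start = offset + 2;
        // The untrusted length is checked against the real buffer size.
        let value = input
            .get(start..start + len)
            .ok_or(ParseError::Truncated { offset })?;
        records.push(Record { tag, value });
        offset = start + len;
    }
    Ok(records)
}

fn main() {
    // Constructed sample input: two well-formed records.
    let good: Vec<u8> = vec![0x01, 0x02, 0xAA, 0xBB, 0x02, 0x00];
    println!("{:?}", parse_records(&good));
    // Constructed malformed input: length claims 255 bytes, 1 is present.
    let bad: Vec<u8> = vec![0x01, 0xFF, 0xAA];
    println!("{:?}", parse_records(&bad));
    // Uncommenting these lines fails to compile: the records still borrow
    // `good`, so it cannot be dropped before they are used.
    // let recs = parse_records(&good).unwrap();
    // drop(good);
    // println!("{:?}", recs);
}
```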
While Java and Kotlin have long been the go-to languages for Android OS development, they are primarily used in higher layers of the platform. These languages provide memory safety but cannot be employed for the lower, more performance-critical layers of the OS. For these parts of Android, languages like C, C++, and now Rust are required due to their ability to deliver predictable performance in resource-constrained environments. Rust’s automatic memory management also removes the burden of manual memory handling, reducing the chances for mistakes, especially in complex, multithreaded environments.
C and C++ are still heavily used in Android OS development, but they lack the memory safety guarantees that Rust offers. To mitigate risks, Android follows a “rule of two” guideline: a piece of code may have at most two of three properties, namely handling untrusted input, being written in an unsafe language like C/C++, and running without a sandbox. While this rule helps isolate vulnerabilities, it comes with trade-offs, such as increased overhead and latency. By embracing Rust, the Android team hopes to strike a balance between performance and safety, reducing the impact of security vulnerabilities while maintaining the system’s efficiency.