Google says its effort to prioritize memory-safe software development over the past six years has substantially reduced the number of memory safety vulnerabilities in its Android operating system.
In a report scheduled for publication on Wednesday, Google reveals the percentage of Android vulnerabilities attributable to memory safety issues has fallen from 76 percent in 2019 to an expected 24 percent by the end of 2024, which is significantly less than the industry norm of 70 percent.
That's a meaningful reduction in the risk profile of Android code, which Android security team member Jeff Vander Stoep and Google senior software engineer Alex Rebert attribute to the adoption of Safe Coding, a set of software development practices that attempts to avoid the introduction of vulnerabilities through memory-safe programming languages, including Rust; static analysis; and API design.
"The shift from previous generations to Safe Coding can be seen in the quantifiability of the assertions that are made when developing code," said Vander Stoep and Rebert.