Google sees 68% drop in Android memory safety flaws over 5 years

submitted by
Style Pass
2024-11-11 08:30:05

The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years.

This is well below the 70% previously found in Chromium, making Android an excellent example of how a large project can gradually and methodically move to safe territory without breaking backward compatibility.

Google says it achieved this result by prioritizing writing new code in memory-safe languages like Rust, minimizing the introduction of new flaws over time.

At the same time, the old code was maintained with minimal changes focused on important security fixes rather than performing extensive rewrites that would also undermine interoperability.

"Based on what we've learned, it's become clear that we do not need to throw away or rewrite all our existing memory-unsafe code," reads Google's report.

"Instead, Android is focusing on making interoperability safe and convenient as a primary capability in our memory safety journey."