
Google Advances Android Security by Migrating Native Code to Rust

Google reports that its ongoing migration of Android's native components from C++ to Rust has reduced memory‑related security bugs, with Rust now powering about 21% of new native code in Android 13 and being used to rewrite critical security modules such as the protected virtual machine firmware.

php中文网 Courses

Google said last year that it was moving Android native code from C++ to Rust, and the company has now published a blog post describing its latest progress with Rust.

Google is rewriting key Android security components that run outside the Linux kernel in Rust, further reducing security vulnerabilities.

Google states that a survey last year showed Android security vulnerabilities dropped from 223 in 2019 to 85 in 2022, and Google attributes the reduction in memory bugs mainly to the increased proportion of Rust code.

Rust’s memory‑safety design allows the compiler to catch most memory‑safety issues at compile time, preventing related vulnerabilities from reaching production.

In Android 13, roughly 21% of new native code is written in Rust; most of these components run as user‑space system services (i.e., on Linux), while many other components remain in C++. Google is gradually increasing Rust usage in bare‑metal environments to strengthen Android device security.

Google says developers have rewritten the protected virtual machine (pVM) firmware of the Android virtualization framework in Rust, providing a secure root of trust for pVM.

The pVM functions similarly to a bootloader and is built on the open‑source U‑Boot project, which has known integer underflow and memory‑corruption vulnerabilities, especially in its VirtIO driver’s boundary‑check logic.

Google reports that it has fixed the issues found in U‑Boot, and by switching to Rust it can avoid similar memory‑safety bugs in the future.
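The bug class named above, an integer underflow in a driver's bounds check, can be shown in a few lines. This is an added illustration, not code from Google's post, U‑Boot or Android; the 4‑byte header layout, `HDR_LEN`, `payload` and `payload_len_wrapping` are hypothetical names chosen for the example.

```rust
// Hypothetical layout: a device fills a buffer with a 4-byte header followed
// by a payload, and reports the total bytes written as `used_len`.
// `used_len` is device-controlled and must be treated as untrusted.
const HDR_LEN: usize = 4;

#[derive(Debug, PartialEq)]
enum ParseError {
    ShortLength, // used_len is smaller than the header: subtraction would underflow
    OutOfBounds, // used_len is larger than the buffer the driver actually owns
}

/// What unchecked unsigned subtraction yields in C: the value wraps around.
/// A later `payload_len <= MAX` style check never sees a negative number.
fn payload_len_wrapping(used_len: usize) -> usize {
    used_len.wrapping_sub(HDR_LEN)
}

/// Checked form: the subtraction is validated, and the slice is taken with
/// `get`, which returns `None` instead of reading past the buffer.
fn payload(buf: &[u8], used_len: usize) -> Result<&[u8], ParseError> {
    let len = used_len.checked_sub(HDR_LEN).ok_or(ParseError::ShortLength)?;
    // HDR_LEN + len equals used_len, so this addition cannot overflow.
    buf.get(HDR_LEN..HDR_LEN + len).ok_or(ParseError::OutOfBounds)
}

fn main() {
    // Constructed sample buffer: 4 header bytes, "ok", 2 unused bytes.
    let buf = [0x01, 0x00, 0x00, 0x00, b'o', b'k', 0, 0];
    println!("valid length 6      -> {:?}", payload(&buf, 6));
    println!("short length 2      -> {:?}", payload(&buf, 2));
    println!("oversized length 64 -> {:?}", payload(&buf, 64));
    println!("wrapping 2 - 4      -> {}", payload_len_wrapping(2));
}
```

In safe Rust a plain `used_len - HDR_LEN` panics on underflow in debug builds, and out‑of‑range slice indexing panics in every build, so a missed check fails closed rather than corrupting memory.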

To support Rust in bare‑metal environments, Google has contributed new projects, fixing a series of bugs in the virtio‑drivers used by the pVM firmware and adding new features.

Google also plans to publish more Rust packages and to support bare‑metal development across platforms. It notes that although Rust on bare metal has limitations, it offers higher safety and productivity than C or C++, and the company will continue expanding Rust's use.
