Google has introduced various initiatives to enhance the security of Android, including the use of memory-safe programming languages, static analyzers, and APIs designed with safety in mind. These efforts have reduced the share of memory-safety vulnerabilities in Android from 76% in 2019 to 24% in 2024, well below the industry average of 70%. (source)
According to Google’s engineers, most security issues originate in new code, which is why modernizing how new code is written matters most. Existing code becomes safer over time: on average its vulnerability density is 3.4 times lower than that of new code. In the Android and Chromium projects, adopting memory-safe methods has produced a 7.4 times difference in vulnerability density. (source)
Because memory-safety errors are addressed in new code, the rate at which such errors are found in old code also declines over time. Google therefore advises against rewriting old code and instead recommends writing new code in memory-safe languages while keeping it compatible with the existing code base.
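The "new code in a memory-safe language, compatible with existing code" approach, as an added example that is not Google's or Chromium's code: a small Rust routine (a hypothetical checksum over a caller-supplied buffer, the kind of bounds-sensitive loop that historically produced out-of-bounds reads in C) whose core is entirely safe Rust, exposed to an existing C code base through a thin C-ABI wrapper that validates the pointer before the single `unsafe` conversion.

```rust
// Added example, not code from Google, Android or Chromium.
// Hypothetical task: Fletcher-16 checksum over a buffer handed in by C code.

use std::slice;

/// Safe Rust core: the compiler enforces bounds on `data`, so this loop
/// cannot read past the end of the buffer.
pub fn fletcher16(data: &[u8]) -> u16 {
    let (mut a, mut b) = (0u16, 0u16);
    for &byte in data {
        a = (a + byte as u16) % 255;
        b = (b + a) % 255;
    }
    (b << 8) | a
}

/// C-compatible entry point for the existing code base.
/// In a real library this would also carry #[no_mangle] so the C linker
/// sees the symbol. The only `unsafe` block is the pointer-to-slice
/// conversion, guarded by explicit checks; returns -1 on an invalid
/// pointer, otherwise the checksum (0..=65535).
pub extern "C" fn fletcher16_c(ptr: *const u8, len: usize) -> i32 {
    if ptr.is_null() {
        return -1; // reject a null pointer instead of dereferencing it
    }
    if len > isize::MAX as usize {
        return -1; // from_raw_parts requires the byte length to fit in isize
    }
    // SAFETY: ptr is non-null and the C caller guarantees it points to `len`
    // readable bytes that outlive this call. That contract is the whole
    // unsafe surface; everything else is checked by the compiler.
    let data = unsafe { slice::from_raw_parts(ptr, len) };
    fletcher16(data) as i32
}

fn main() {
    let msg = b"abcde"; // constructed sample input
    println!("fletcher16 = {:#06x}", fletcher16(msg));
    println!("via C ABI  = {}", fletcher16_c(msg.as_ptr(), msg.len()));
    println!("null ptr   = {}", fletcher16_c(std::ptr::null(), 5));
}
```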
Beyond reducing vulnerabilities, memory-safe programming practices improve developer productivity, raise code quality, and can improve runtime performance. For example, migrating Chromium’s QR code generator to Rust made it 95% faster by removing the overhead of sandbox isolation.
Simpler testing and earlier error detection also speed up development and improve its quality. Rust code requires half as many changes due to unforeseen errors as comparable C++ code, underscoring the benefits of memory-safe programming practices.