This Google Security Blog post discusses Android’s successful adoption of the Rust programming language, showing that memory safety vulnerabilities have dropped below 20% of total vulnerabilities in 2025. The key finding is that Rust code demonstrates a 1000x reduction in memory safety vulnerability density compared to C/C++ code, while also improving development efficiency with 4x lower rollback rates and 25% faster code reviews.
The post details how Rust is expanding beyond Android system services into the Linux kernel, firmware, and first-party Google applications like Nearby Presence and secure messaging protocols. It also analyzes a near-miss memory safety vulnerability (CVE-2025-48530) in Rust code that was caught before release, emphasizing that Android’s Scudo hardened allocator prevented exploitation and that even with this incident, Rust’s vulnerability density remains orders of magnitude lower than C/C++.
The overall message is that Rust enables Android to “move faster while fixing things”: it achieves better security without the traditional trade-offs of reduced performance or slower development, challenging the historical assumption that security improvements must come at a cost to productivity.