Friday, March 31, 2023

It's all about technology

Google: Rust Is The Answer To Android Security

An engineer working for Google said that the Rust programming language is the solution to making the Android operating system more secure, especially when it comes to memory vulnerabilities.

In a post on Google’s blog, Android security engineer Jeffrey Vanderstueb said the number of severe memory vulnerabilities has dropped significantly in the last three years.

Vander Stewepp believes that this was due to the operating system’s shift from memory-unsafe programming languages, such as C and C++.

Three years ago, the majority of Android vulnerabilities, at 65 percent, were memory security vulnerabilities that were either high-risk or critical. Since then, Google has been writing new Rust code and adding it to Android, rather than just improving the existing code. Now the number of such vulnerabilities has decreased significantly, and the mobile operating system is no longer the biggest problem.

“From 2019 to 2022, the annual number of memory security vulnerabilities decreased from 223 to 85,” Vander Stub said. He added that with Android 12, which was launched in early October 2021, the operating system now focuses primarily on the Rust language.

While memory vulnerabilities have decreased thanks to the use of the new programming language, other forms of vulnerabilities have remained constant with approximately 20 new vulnerabilities discovered each month. However, these vulnerabilities are not as dangerous as memory security vulnerabilities.

But this does not mean that Google has completely abandoned my C and C++ languages. Vander Stub said the company will continue to invest in tools for writing safer C and C++ code, pointing to the powerful customization tool Scudo, HWASAN, GWP-ASAN, and KFENCE on Android devices.

While the Rust language is still highly reliable, VanderStueb knows this may change in the future, as so far no memory vulnerabilities have been discovered in Android’s Rust code. But he said: “We don’t expect this number to remain zero forever, but given the size of the new Rust code across two versions of Android, and the security-sensitive components in which the code is used, this is an important finding”.

Get notified whenever we post something new!

Continue reading

Stability AI CEO hints at IPO plans, calls for transparency in AI governance

During the Cerebral Valley AI Conference in San Francisco on Thursday, Emad Mostaque, the CEO and founder of Stability AI, revealed that he plans to take the open-source platform public within the next few years

Amazon’s Audible Tests Advertisements in Audiobooks for Non-Paying Users

Audible, the audiobook company owned by Amazon, has begun testing advertisements in its audiobooks. The experiment is currently limited to non-paying users

“Google Chrome and Classroom Launch New Features for Educators and Students, Including Reading Mode and AI-Powered Hand Raise Detection

Google has recently announced new features for educators and students that will be added to Chrome and Classroom. Among these features is the new “reading mode” for Chrome, which is an AI-powered feature that helps students with dyslexia and ADHD.