
Google Reports Major Drop in Android Memory Safety Flaws After Adopting Rust

For the first time, memory-safety vulnerabilities now account for less than 20% of all reported Android vulnerabilities

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.


Google has announced a significant milestone in its long-term effort to improve Android security: for the first time, memory-safety vulnerabilities now account for less than 20% of all reported Android vulnerabilities. This shift marks a major success in Google’s ongoing transition from C/C++ to the Rust programming language.

Rust Adoption Dramatically Reduces Vulnerability Density

According to Jeff Vander Stoep of Google’s Android Security team, Rust has delivered results far beyond initial expectations. The company now observes a 1,000x reduction in memory-safety vulnerability density in Rust code compared to legacy C and C++ components.

But the benefits extend beyond security hardening. Google reports that Rust code:

  • Requires 20% fewer code revisions

  • Has a 4x lower rollback rate

  • Spends 25% less time in code review

In other words, the security-focused language has simultaneously improved development velocity. As Vander Stoep explains, “The safer path is now also the faster one.”

This represents a key shift: memory-safe languages like Rust are no longer viewed as a trade-off between safety and performance, but rather as an enabler of both.

Expanding Rust Across the Android Ecosystem

Google plans to broaden Rust adoption throughout Android, extending it into:

  • The Android kernel

  • Firmware components

  • Critical system and first-party apps, including:

    • Nearby Presence

    • Message Layer Security (MLS)

    • Chromium components

Chromium has already replaced several core parsers — including PNG, JSON, and web fonts — with Rust-based alternatives that are memory-safe by design.

A Real-World Test: The CrabbyAVIF Vulnerability

Despite Rust’s strong safety guarantees, Google stresses that the language alone is not a universal solution. To illustrate this, the company highlighted a recent “near-miss” flaw, CVE-2025-48530, found in CrabbyAVIF — a Rust-based AVIF image parser implemented with some unsafe code blocks.

The vulnerability involved a linear buffer overflow that could have enabled remote code execution. However:

  • It was caught internally before public release.

  • Android’s Scudo hardened memory allocator rendered it non-exploitable in practice.

The case reinforces Google’s stance that Rust is a foundational component of a defense-in-depth strategy — not a replacement for complementary safety mechanisms like hardened allocators, sandboxing, or exploit mitigation technologies.
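The bug class above, a declared length trusted inside an `unsafe` block, is easy to illustrate. The following is an added example, not CrabbyAVIF's or Google's code: it assumes a constructed chunk format (4-byte little-endian length followed by payload) and shows the safe wrapper validating the untrusted length against both the input and the output buffer before the unchecked copy runs.

```rust
// Added example (not CrabbyAVIF's code). A minimal length-prefixed "chunk"
// copy in the style of an image parser. The unsafe copy does no bounds
// checks; the safe wrapper is where every untrusted length must be validated.

/// Errors for a chunk whose declared length is inconsistent with the data.
#[derive(Debug, PartialEq)]
pub enum ChunkError {
    TruncatedHeader,
    DeclaredLengthExceedsInput { declared: usize, available: usize },
    DeclaredLengthExceedsOutput { declared: usize, capacity: usize },
}

/// Copies `len` bytes from `src` to `dst` with no bounds checks.
///
/// # Safety
/// The caller must guarantee `src.len() >= len` and `dst.len() >= len`.
/// Passing a length taken straight from an untrusted header is exactly the
/// linear-overflow class described in the article.
unsafe fn copy_unchecked(src: &[u8], dst: &mut [u8], len: usize) {
    std::ptr::copy_nonoverlapping(src.as_ptr(), dst.as_mut_ptr(), len);
}

/// Parses the constructed format: 4-byte LE length, then payload bytes.
/// Validates the declared length before the unsafe copy is reached.
pub fn copy_chunk(chunk: &[u8], out: &mut [u8]) -> Result<usize, ChunkError> {
    let h = chunk.get(..4).ok_or(ChunkError::TruncatedHeader)?;
    let declared = u32::from_le_bytes([h[0], h[1], h[2], h[3]]) as usize;
    let payload = &chunk[4..];
    if declared > payload.len() {
        return Err(ChunkError::DeclaredLengthExceedsInput { declared, available: payload.len() });
    }
    if declared > out.len() {
        return Err(ChunkError::DeclaredLengthExceedsOutput { declared, capacity: out.len() });
    }
    // SAFETY: `declared` was checked against both slice lengths above.
    unsafe { copy_unchecked(payload, out, declared) };
    Ok(declared)
}

/// Builds a chunk with an arbitrary declared length (constructed test data).
pub fn build_chunk(declared: u32, payload: &[u8]) -> Vec<u8> {
    let mut v = declared.to_le_bytes().to_vec();
    v.extend_from_slice(payload);
    v
}

fn main() {
    let mut out = [0u8; 8];
    println!("{:?}", copy_chunk(&build_chunk(3, b"abc"), &mut out)); // Ok(3)
    // Header claims 64 bytes but only 3 follow: rejected instead of over-reading.
    println!("{:?}", copy_chunk(&build_chunk(64, b"abc"), &mut out));
    // 16 bytes present but `out` holds 8: rejected instead of overflowing `out`.
    println!("{:?}", copy_chunk(&build_chunk(16, &[0x41; 16]), &mut out));
}
```

Replacing the unsafe copy with `out[..declared].copy_from_slice(&payload[..declared])` would keep the same checks implicitly, turning any missed validation into a panic rather than a memory-safety bug.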

A Safer, More Efficient Future for Android Development

Google acknowledges that C and C++ will remain part of the ecosystem for the foreseeable future. But Rust represents a fundamentally different model: one where developers can build faster while simultaneously reducing entire classes of critical vulnerabilities.

The continued drop in memory safety flaws — from 223 in 2019 to fewer than 50 in 2024, and now below 20% of total vulnerabilities — demonstrates the profound impact of adopting memory-safe languages at scale.

Google’s conclusion is clear: Rust makes Android both more secure and more efficient to develop, marking a major step forward for the platform’s long-term resilience.