Why Rust Is Helping Android Move Faster and Fix Security Issues

Last year, we discussed how focusing on vulnerability prevention in new code quickly yields durable and compounding gains in terms of memory safety for the Android platform. This year, we’re looking at how this approach isn’t just fixing things but also helping us move faster.

The 2025 data continues to validate our approach, with memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time. We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code.

But the biggest surprise was Rust’s impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one. We’re expanding our reach by making secure code the default across our entire software stack.

We also had our first near-miss memory safety vulnerability in unsafe Rust, and our postmortem of it produced key takeaways. We discovered that Android’s Scudo hardened allocator rendered the vulnerability non-exploitable, because guard pages surround secondary allocations. We’re also adding a new deep dive on unsafe code to our Comprehensive Rust training to teach developers how to reason about safe Rust code.

The point of using a memory-safe language like Rust is not just reducing the number of bugs but also boosting the effectiveness of our entire security architecture. Our data indicates that even a more conservative assumption, that a line of unsafe Rust is as likely to have a bug as a line of C or C++, significantly overestimates the risk.

In summary, we’re shifting from “moving fast and then picking up the pieces afterwards” to “moving faster while fixing things.” With the help of Rust, we can improve security and efficiency.

Source: https://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html