Google has released details on the methods it has used to increase the security of the Android operating system.
Security is one of the most important factors for technology users; For this reason, Google has recently explained how to improve the security of Android and the measures that are taken to deal with common threats.
According to ZDnet, Google has revealed that 59% of the critical security vulnerabilities that affect the Android operating system are memory problems. Top-level memory security issues are one of the most important security vulnerabilities, and consequently, there are problems with bypass licenses.
In fact, 21% of the problems that Google security engineers solved in 2019 is the second option.
Memory problems are usually the highest level of security vulnerabilities on large platforms such as Java, Windows 10 and Chrome. Google engineers said last year that 70 percent of Chrome’s security vulnerabilities are memory security issues.
Earlier, Microsoft engineers said that 70 percent of the bugs in the company’s products were due to memory security vulnerabilities or software problems. These bugs make it possible to over-access memory.
Google has recently said it is encouraging developers to use secure memory programming languages such as Java, Kotlin and Rust, but is also working to improve the security of C and C ++. The mentioned cases are part of the company’s efforts to make Android as secure as possible and protect this operating system against malware and profiteers.
Google says in a post from the Android security and privacy team on its website:
C and C ++ languages do not provide memory security in the same way as languages such as Java, Kotlin, and Rust. Given that most of the security vulnerabilities reported in Android are memory-related security issues, a dual approach is used: improve the security of C and C ++ programming languages as much as possible and encourage more use of other languages that are secure in memory.
Amazon Web Services (AWS) and Microsoft are also encouraging developers to use Rust for security reasons. Mozilla created this programming language for Firefox to address C ++ security issues in the Gecko engine. Version 1.0 Rust was released in 2015; But it is still relatively little accepted by others. Microsoft pays more attention to system programming than to program development. AWS used the language to build Bottlerocket, a Linux -based operating system .
The vast majority of bugs that Google fixed last year were related to media, Bluetooth, and NFC components. Google revealed in 2015 that the media library was one of the main options affected by Stagefright security issues.
According to Google, the effort to make the Android media framework more powerful means that the company did not receive a single report of significant vulnerabilities in this area in 2020.
Google also provided details on the security and performance exchanges of its engineers as it reviewed the various departments to reduce existing vulnerabilities. According to the company, in addition to secure programming languages, there are other ways to fix security vulnerabilities, including the sandbox security layer. The company explained:
Adding too many different items to some components or the whole system can reduce the battery life and make the device less responsive, resulting in a negative user experience. This is especially true for low-end devices that need to be upgraded in the security sector as well. So our effort is to be able to fix security vulnerabilities with better and more acceptable options.