Google summed up the results of using components in the Rust language in the Android platform. Android’s strategy to introduce secure development practices for new code has been successful. In 2025, for the first time, the share of vulnerabilities caused by errors when working with memory was less than 20% of the total number of vulnerabilities. For comparison, in 2024 this figure in Android was 24%, and in 2019 – 76%. At the same time, the industry average continues to remain at 70%.
The use of Rust code in the development of Android system components began in 2020. In 2025, the volume of new Rust code in Android exceeded the volume of C and C++ code added per year.
The accumulated statistics confirm the previously stated assumption that the main source of security problems is the new code, and for the old code there is an exponential dependence of security on time – over time, errors are detected less and less often in the old code. Ultimately, Google decided not to try to rewrite the old code in memory-safe languages, but to focus on using similar languages for the new code.
In addition to security, the introduction of Rust had a positive impact on the speed, productivity and quality of development. For Rust code, there were 4 times fewer rollbacks of changes as a result of identifying unexpected errors, as well as a 25% reduction in review time.
