[bgwalter]

Further up they refer to Android C/C++ code, not C/C++ in general:

"We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code."

Which means they had a pretty poor code base. If they had spent more time on engineering and less time on features that are canceled after 12 months anyway, they could have written better C/C++.

[blub]

I peruse Android system code at work and their C++ code base is not designed for safety. It’s just typical C++ code as any large company would write it.

And for a large juicy target like Android, that won’t be good enough to stay ahead of the attackers long term.

Of course, tools like Fil-C or hardware-based security might make Rust vs. C or C++ moot.

Edit: your comment makes a good point. Shame that trigger-happy (c)rustaceans are downvoting everything in sight which is not praising this PR piece disguised as a technical blogpost.

[surajrmal]

While crashing is better than exploitable behavior, catching bugs at compile time is even better. Neither hardware based strategies nor filc actually find bugs at compile time. Also the conversation with respect to security isn't about migrating old code, but what to use for new code that you write.

I will note that developers also feel more productive in rust. That's why they migrate existing things over to it even when it may not be beneficial for security.