As a fairly complete mobile operating system, Android involves many components. Broadly speaking, it can be divided into two parts: the application ecosystem and the operating system itself. For developers, the programming language of choice varies depending on which part of Android is being developed.
Java and Kotlin are popular choices for application developers; C and C++ are popular choices for developers working on the operating system and the underlying systems. Today Google adds a third option for OS developers, Rust, as the Android Open Source Project now supports the Rust programming language for OS development.
The underlying Android system requires systems programming languages such as C and C++. These languages provide developers with control and predictability, which are important when accessing low-level system resources and hardware. Unfortunately, C and C++ do not provide memory safety guarantees, which leaves code written in them prone to errors and security holes. It is the developer’s responsibility to manage memory lifetime in these languages, but in a complex and multithreaded code base, this is easier said than done.
Together, C and C++ make up tens of millions of lines of code on the Android platform. Memory safety bugs are the most difficult source of code bugs to resolve, accounting for about 70% of the most serious security holes in Android. Fixing these bugs alone is not enough to deal with the problem. A better approach is to prevent them in the first place.
The lack of memory safety forces developers to run Android processes in tightly constrained, unprivileged sandboxes. But sandboxes are costly in terms of resources: they incur additional overhead and introduce latency. Sandboxes also do not completely eliminate code vulnerabilities, and the high bug density makes them less effective, because attackers can chain multiple vulnerabilities together.