Rust in Android: move fast and fix things

Original Article ↗ Hacker News Discussion ↗

Rust vs C/C++ Memory Safety

  • Many see Google’s reported ~1000x lower memory-safety bug density in Rust vs Android’s C/C++ as decisive evidence that C++ should no longer be used for new systems code.
  • Others stress Rust is not perfectly safe: unsoundness trackers exist, there are rare “safe Rust” soundness holes, and unsafe blocks are still required (~4–5% of Android Rust code).
  • Several commenters argue the key win is that memory-unsafe regions are localized and reviewable (unsafe blocks), whereas in C/C++ the entire codebase is suspect.

Statistical Claims and Confounding Factors

  • Some praise the data: dramatic drop in memory-safety vulns and ~4x lower rollback rates for Rust changes match everyday experience that Rust code is easier to get right.
  • Skeptics argue the analysis doesn’t fully control for confounders:
    • Rust is primarily used for new or well-understood subsystems, often with good tests.
    • Old C/C++ tends to be harder and riskier to change.
  • Others counter that earlier Google posts already showed new C/C++ code dominates new vulns, so the comparison is more apples-to-apples than critics suggest.

Tooling and Build Systems

  • Strong praise for Cargo vs CMake/autotools: declarative manifests, integrated package manager, no manual flag wrangling.
  • Some push back: Cargo is “opaque,” hard to vendor dependencies for offline or distro packaging, and poorly supports precompiled distribution.
  • Discussion of Android’s internal tooling: Soong for AOSP, Bazel/Blaze for proprietary code, NDK relying on CMake/ndk-build + Gradle, which some call antiquated and complex.

Syntax, Learning Curve, and Developer Experience

  • Opinions split on Rust syntax: some prefer C/Go-style minimalism; others see Rust as closer to ML/Swift with pattern matching, algebraic data types, and expressive enums.
  • Multiple comments distinguish “syntax complaints” from the real difficulty: ownership, lifetimes, and borrow checking. Rust is described as a “wall” that front-loads pain but makes refactoring and maintenance safer.
  • Several note that junior developers may struggle with the compiler at first, but IDE/tooling and rich error messages help.

Scope of Rust’s Applicability

  • Supporters argue Rust’s safety and refactorability make it ideal for security-critical, low-level, or heavily concurrent code (kernels, Android subsystems, parsers, crypto).
  • Critics say it’s overhyped for domains where GC’d languages suffice or where careful C/C++ with static/dynamic analyzers and strong testing is “good enough,” and worry about rewrite risk and ecosystem churn.
  • There is broad agreement that “new code in Rust” is easier to justify than mass rewrites, though some large components (Bluetooth, codecs, parsers) are being rewritten where legacy C/C++ has a bad security history.

Android/NDK and Ecosystem Support

  • Commenters note there is still no first-party Rust support in the Android NDK or Studio: official docs, integrated Rust toolchains, mixed-language debugging, and Rust bindings for NDK APIs are missing.
  • Some argue that until this exists, Rust for Android apps remains community-driven and relatively niche, even as Google increasingly uses Rust internally.