Heartbleed Bug: Millions of Android Smartphones and Tablets at Risk

The Heartbleed Bug which is affecting millions of websites could also put users of millions of Android smartphones and tablets at risk.

In an update on its Online Security blog on Wednesday, Google said Android was not vulnerable to the Heartbleed bug, except for a very specific version - the problem is that the version which is vulnerable is part of a version of Android which makes up the majority of the install base of Android devices around the world.

The specific version which relies on the vulnerable version of OpenSSL is Android 4.1.1 (codenamed Jelly Bean). Google doesn't break down percentages of devices at this level but according to the latest figures from Google, 34.4% the Android devices in use today are using Android 4.1.x.

How many smartphones and tablets is that? Again this is hard to known, but considering that last September Google announced it had activated one billion devices, the number is likely to be in the millions at the very least.

Android 4.1.1 (Jelly Bean)

Google released Android 4.1 (Jelly Bean) back in July 2012 alongside the launch of the Nexus 7 tablet, and since then has issued two updates (Android 4.1.1 and Android 4.1.2)

The Android 4.1.1 update was issued just weeks after Android 4.1 was launched, to fix a specific problem with the Nexus 7 tablet, relating to the inability to change screen orientation in any application.

Google has since updated its software multiple times, with the latest version, Android 4.4 (KitKat), available for all Nexus 7 devices.

Despite this, there are likely to be millions of smartphones and tablets in use around the world still using Android 4.1.1, as a result of users simply not updating their software or manufacturers/networks not pushing further updates to customers.

Fixing the bug

Google has not given specific details of a fix, simply saying: "Patching information for Android 4.1.1 is being distributed to Android partners."

To help Android users worried that they may be vulnerable, mobile security experts Lookout has released an app which will check if you are at risk.

The app, called Heartbleed Detector, is available in the Google Play store now and will simply check which version of OpenSSL you are using and let you know whether or not you are at risk.

The app won't be able to fix the problem however, with Lookout saying to check if you have any software updates available. However if there are no, Lookout says "there isn't anything you can do."

The security company adds: "The good news is that we have yet to see any attacks targeting a mobile device, and while this is a credible risk, the likelihood of you encountering an exploit is low."