X

How to tell if your Android device is vulnerable to Heartbleed

Believe it or not, some Android devices are susceptible to the Heartbleed bug. Here’s what you need to know.

Jason Cipriani Contributing Writer, ZDNet
Jason Cipriani is based out of beautiful Colorado and has been covering mobile technology news and reviewing the latest gadgets for the last six years. His work can also be found on sister site CNET in the How To section, as well as across several more online publications.
See full bio
Jason Cipriani

heartbleeddetectorandroid.jpg
Jason Cipriani/CNET

The Heartbleed bug just doesn't quit. When Google announced it had patched its key services, it also mentioned Android was largely unaffected, with one (big) exception -- devices running Android 4.1.1.

The good news is Google has already sent a patch to its Android partners. The bad news? Now we have to wait for those partners to implement it, followed by carriers testing and pushing out the update. Android users know how slow this process can be. Hopefully with the critical nature of the Heartbleed bug, and the attention it's received, these partners and carriers will work quickly to get the fix out.

In the meantime, to verify if your Android device is at risk, security company Lookout has released a free app. The app, called Heartbleed Detector, scans your device and reports the results. I have yet to find a device that doesn't report that the offending version of OpenSSL is present, however if it isn't enabled, as in the photo above, then your device is not at risk.

Right now, if your device is affected, there's not much you can do other than wait for an update. You can typically check for updates by going into Settings > About > Software update.

Download Heartbleed Detector to check your device.