Millions of android devices vulnerable to heartbleed bug

Not only websites and router are vulnerable to the web-wide bug Heartbleed but also certain Android models are at risk too.

SEE ALSO: Find ‘Heartbleed’ vulnerable sites and if you’ve to change your password

Image credit: Bloomberg
As Google said in its own Heartbleed disclosures on 9 april that Android devices running Android 4.1.1 Jelly Bean are vulnerable to Heartbleed. Google said patching information is being distributed to its Android partners.
So how many phones are still running Android 4.1.1? That’s difficult to determine. Although 34.4% of Android devices are running Android Jelly Bean, Google doesn’t break out how what percentage of users are on its various versions — 4.1.1 and 4.1.2.

The latest version of Jelly Bean is 4.1.2, which was released in October 2012.

A Google spokesperson confirmed to Bloomberg that there are “millions” of devices running Android 4.1.1.

Because Android updates are controlled by phone manufacturers and wireless carriers, it can be challenging to determine what versions of Android are available for various devices. We do know, however, that the HTC One S is running Android 4.1.1.

Heartbleed underscores what has long been one of Android’s biggest problems: pushing out software updates to its myriad vendors. Android updates are the responsibility of the device maker, and often need to be approved by wireless carriers. The only exceptions are Google-made devices, such as the Nexus series and Google Play Edition phones.

Previous attempts at getting phone manufacturers and carriers to adopt Android updates have not met with success. If there is a silver lining to Heartbleed, it is that this might scare device makers into pay more attention to versions (and to put in better processes for security updates).

Sources:

  1. Google Online security blog
  2. Bloomberg.com
  3. Mashable.com

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.