Heartbleed only an issue for Android 4.1.1

April 9, 2014

There has been plenty of talk regarding "Heartbleed" lately. For those who may have somehow missed that story, the simple version is that Heartbleed is a flaw in OpenSSL. That is simple to say, but the flaw is causing issues for quite a few people. On the flip side, we do have a bit of good news for Android users.

It seems Heartbleed is only causing issues for one specific version of Android. Google recently shared some details on the official Online Security Blog and stated that "all versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1.)" For reference, CVE-2014-0160 is Heartbleed.

There hasn't been any specific timeline given as to when an update can be expected for Android 4.1.1. Google said "patching information for Android 4.1.1 is being distributed to Android partners." Basically, it sounds like Google has the fix ready for 4.1.1 users and it is just a matter of when the partners and carriers are ready to begin the rollouts.

Google has combined some of the numbers in recent distribution reports, so it is hard to get an accurate figure here. That said, according to the numbers from earlier this month, Android 4.1.x currently accounts for 34.4 percent of Android usage. We can only hope the patching update rolls out quickly, and that Android 4.1.1 makes up a small percentage of the overall Android 4.1.x figure.

SOURCE: Google Online Security Blog


  • Tigerlily

    I am stuck at 4.1.1 and Verizon is not helping me update and Samsung site says absolutely nothing. Should I not use the phone until a patch is available? Should I just reboot the phone or wipe it? Not sure what to do and there is no good advice anywhere except “wait” but that seems risky to use it as I do all my banking through my phone!

    • programguy

      It may be possible to downgrade to, say, Android 4.1.0. What device do you have? Depending on the device, you could probably find a custom ROM such as CyanogenMod which could be based on something other than 4.1.1. The only possible issue would come from certain banking apps detecting that the device is “rooted” (which, in CyanogenMod, it would be). As it is a Samsung, it seems likely that an update will be released–though it will have to go through Verizon also.
      Rebooting the phone or wiping will not solve the problem, though wiping would remove all your personal data temporarily.
      This Heartbleed bug is serious, so I would recommend doing whatever it takes to avoid being vulnerable to it.
      Questions welcome!

      • Tigerlily

        Thank you for your help. A friend verified and said you were exactly right and so I ended up buying a new phone from Verizon because I need a safe phone since I do all my banking on it. It was more than I wanted to spend but better than losing access to my banking stuff!

      • programguy

        Good choice.