Disturbing news: The now-infamous Heartbleed security flaw might reach further than your favorite websites. It could affect your mobile device, too.
According to an announcement by Google, smartphones and tablets running a specific version of Android were affected by the widespread web security bug, which could potentially spill your sensitive login information (like passwords).
The company assured Android owners in a blog post April 9 that most versions are not affected by the flaw. However, as Bloomberg notes, Google added that a version called 4.1.1 Jelly Bean is a “limited exception.”
That version of Android was released in 2012 and is likely to be running on older Android smartphones. According to the most recent statistics released by Google, about 34 percent of Android devices use a version of the 4.1 Jelly Bean software. Though the company said that fewer than 10 percent of devices in use are vulnerable, a Google spokesperson confirmed to Bloomberg that millions of devices still run 4.1.1 Jelly Bean.
So how can you check to see if your device is affected? You’ll need to go to the Settings menu of your phone and find your way to the About Phone section. There you’ll be able to learn what version of Android you’re running and see if any updates are available.
There’s also a free Android app available that will tell you if your device is vulnerable to the bug.
Whether there is an immediate update to patch this bug is still unclear. Google’s blog post says that “patching information for Android 4.1.1 is being distributed to Android partners.” A Verizon spokesperson told Bloomberg that the company was aware of the “security vulnerability referred to as ‘Heartbleed,’ ” and that the company was “working with our device manufacturers to test and deploy patches to any affected device on our network running Android 4.1.1.”
We’ve reached out to Google for comment. In the meantime, fingers crossed that you’re not affected.
If you need to catch up on which sites are affected by the Heartbleed bug, check out my comprehensive list here.