Heartbleed, a vulnerability in the OpenSSL software library, allows an attacker to steal data directly from the memory space of an application. It taps into the heartbeats that an SSL/TLS connection produces, and any attacker could learn the private keys used to keep data securely encrypted as it travels over the Internet.

Google has said that nearly all versions of AOSP from 4.1 and up contain vulnerable versions of OpenSSL, but all except one had heartbeats turned off, so no one could attack these systems. Only Android 4.1.1 had the heartbeat feature turned on, so those devices are vulnerable. Moreover, some OEMs may have switched the heartbeat feature back on in their phones' software, which leaves them vulnerable too. So how do you check whether your phone, or any of the apps on it, can fall prey to a Heartbleed attack?


Security software company Bluebox has released a Heartbleed Scanner on the Google Play Store, which will quickly check whether your device is safe or not. The Bluebox Heartbleed Scanner looks for apps installed on your device that have bundled their own version of OpenSSL, then checks the version of the library and whether heartbeat is enabled.
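The same kind of check can be sketched for a single APK. The code below is an added example, not Bluebox's code: it reads the native libraries inside an APK, pulls out the OpenSSL version banner, and flags a library only when the release is one affected by Heartbleed (1.0.1 through 1.0.1f, or 1.0.2-beta1) and heartbeat code appears to be compiled in. Detecting heartbeat support by function-name strings is an assumed heuristic, and the sample APK is constructed for the demonstration.

```python
import io
import re
import zipfile

# libssl/libcrypto embed a banner such as "OpenSSL 1.0.1e 11 Feb 2013".
VERSION_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(-beta\d+)? ")
# Assumption: a build with heartbeat support keeps these function names in the
# binary; a build made with OPENSSL_NO_HEARTBEATS does not. Heuristic only.
HEARTBEAT_MARKERS = (b"tls1_heartbeat", b"dtls1_heartbeat")

def is_vulnerable_version(base, letter, beta):
    """Heartbleed-affected releases: 1.0.1 through 1.0.1f, and 1.0.2-beta1."""
    if base == "1.0.1":
        return letter in ("", "a", "b", "c", "d", "e", "f")
    return base == "1.0.2" and beta == "-beta1"

def scan_library(data):
    """Return a finding for one library, or None if no OpenSSL banner is present."""
    m = VERSION_RE.search(data)
    if not m:
        return None
    base, letter, beta = (g.decode() if g else "" for g in m.groups())
    heartbeat = any(marker in data for marker in HEARTBEAT_MARKERS)
    return {"version": base + letter + beta, "heartbeat": heartbeat,
            "at_risk": heartbeat and is_vulnerable_version(base, letter, beta)}

def scan_apk(apk_bytes):
    """Return {path: finding} for every native library that bundles OpenSSL."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.startswith("lib/") and name.endswith(".so"):
                result = scan_library(apk.read(name))
                if result:
                    findings[name] = result
    return findings

def build_sample_apk():
    """Constructed sample input: fake .so payloads, not real libraries."""
    hb = b"\x00tls1_heartbeat\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/armeabi/libssl_old.so", b"\x7fELF..OpenSSL 1.0.1e 11 Feb 2013" + hb)
        z.writestr("lib/armeabi/libssl_nohb.so", b"\x7fELF..OpenSSL 1.0.1c 10 May 2012\x00")
        z.writestr("lib/armeabi/libssl_fixed.so", b"\x7fELF..OpenSSL 1.0.1g 7 Apr 2014" + hb)
        z.writestr("lib/armeabi/libapp.so", b"\x7fELF..no tls here\x00")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_apk(build_sample_apk()))
```

A string match like this only narrows the list: a stripped or statically linked library can hide the markers, so a hit should be confirmed against the app's actual build.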


If you find any apps that show a vulnerability, it's important to report it in the app's review section on the Play Store and also send an email to the developers. The email addresses are provided in the Play Store listing. You can continue using an app that is shown as vulnerable, though your data might not be all that secure now that the Heartbleed technique has hit the news and anyone can try to break in.