Google Deploying Heartbleed Patch for Android Smartphones
Published on: 14th Apr 2014
Note -- this news article is more than a year old.
Google is deploying a security patch for one variant of the Android OS that was vulnerable to the so called Heartbleed security flaw that stunned the internet community last week.
Google said that all versions of Android OS are immune to the security flaw, with the limited exception of Android version 4.1.1 -- the Jelly Bean version.
That flawed version of the OS was released on the 23rd July 2012, and superseded by version 4.1.2 on the 9th October 2012.
It's not known how many people still use the affected version of the Jelly Bean OS, but as a whole, version 4.1.x of the OS has around a third of the total Android user base.
The company said that a patch was being distributed to its partners, but this highlights the fragmented nature of the OS, as it will be those partners who have to choose to deploy the bug fix. Those partners, mostly handset manufacturers will in turn sometimes have to liaise with mobile networks to secure approval as well.
While some handset vendors may take the security flaw as an opportunity to push OS upgrades to handsets to move them to the very latest Android OS, there are a lot of handsets that might not even be possible to upgrade beyond the flawed OS version.
Users can check which edition of Android they are running by going to the "about phone" or "about tablet" option in their Settings app.