Android 4.1.1 devices vulnerable to Heartbleed bug, says Google

Advertisement
By NDTV Correspondent | Updated: 14 April 2014 12:14 IST
Google has joined the ranks of companies which have issued public warnings about their products being vulnerable to exploitation thanks to the massively widespread Heartbleed bug. The company has now disclosed that users of all Android versions except specifically 4.1.1 are unaffected.

Buried at the bottom of a blog post titled Google Services Updated to Address OpenSSL CVE-2014-0160 (the Heartbleed bug), the search and online services giant added that 'patching information' for Android 4.1.1 is being distributed to device manufacturers and carriers, who are responsible for creating and issuing updates.

Android version fragmentation is a known problem within the ecosystem, and millions of users could still be running version 4.1.1, also known by the codename Jelly Bean. According to Google's own Android developer dashboard, up to 34.4 percent of all Android users are currently running 4.1 - 4.1.2, though the exact number or percentage of users running 4.1.1 is not known.

Version 4.1.1 was a minor update to 4.1 containing bug fixes related to specific devices. Version 4.1.2 was released less than three months later, potentially limiting the scope of the number of devices affected. However, Android manufacturers are frequently criticised for shipping devices built with older Android builds, and not issuing updates thereafter. A large number of budget devices are never updated once they are shipped.

Advertisement

Google has further disclosed that its Web services Search, Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Earth were affected by Heartbleed but have now been patched. Other vulnerable websites included Dropbox, Facebook, Twitter, Tumblr, Yahoo, GoDaddy, and Amazon Web Services.

By contrast, Apple has stated that iOS, OS X, and its widely used Web services including iTunes and iCloud were never affected.

Heartbleed is a bug in the OpenSSL encryption framework used by Web servers to secure communications between themselves and the outside world. In early April, it was reported that attackers were able to retrieve information including sensitive encryption keys, user account details and message contents, from servers running the vulnerable version of OpenSSL.

Advertisement

Security workers have since demonstrated hacks that have resulted in retrieval of working encryption keys. It is not knows whether attackers, including government-sponsored agencies, were aware of the existence of the Heartbleed bug and were exploiting it before it became widely known.


 
Post your comments

Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.

Further reading: Android, Android 4.1.1, Android bug, Android security, Heartbleed, Heartbleed bug, Internet security, OpenSSL, security
Politics test Silicon Valley's Russian ties
Microsoft unveils consolidated price tiers for Universal Windows apps
Advertisement

Related Stories

NexPhone Unveiled With 64-Megapixel Camera and Support for Android 16, Linux and Windows 11
22 January 2026
Google Is Reportedly Adding More Verification Layers in Play Store to Curb Sideloading Apps
19 January 2026
Android 17 May Redesign Notifications and Quick Settings With Split Layout
15 January 2026
CERT-In Urges Android Users to Update Smartphones After Google Patches Critical Dolby Vulnerability
14 January 2026
Google Play Store Could Soon Let Users Try Out Paid Games Before Purchasing Them: Report
8 January 2026
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Dhurandhar OTT Release Date Update: When and Where to Watch it Online?
  2. Realme Neo 8 Launched With 8,000mAh Battery: See Price, Features
  3. YouTube Takes on OpenAI's Sora With AI-Generated Shorts Feature
  4. Apple Asks Delhi High Court to Stop CCI From Seeking Its Financials
  5. Ubisoft Cancels Prince of Persia: Sands of Time Remake, Delays 7 Games
  6. Here's When the Redmi Note 15 Pro and Note 15 Pro+ Will Launch in India
  7. Top Last Minute Deals on Smartphones, Smart TVs and Home Appliances
  8. OnePlus 15T Spotted on Certification Site, Charging Details Revealed
  9. Vivo V70 FE Secures TRDA Certification, Could Launch Soon
  10. Google Pixel 10a Spotted With Familiar Design in Leaked Renders
#Latest Stories
  1. Realme Neo 8 Launched With Snapdragon 8 Gen 5 Chip, 8,000mAh Battery: Price, Features
  2. Apple Asks Delhi High Court to Stop Competition Commission of India From Seeking Its Financials
  3. Amazon Great Republic Day Sale: Top Last Minute Deals on Smartphones, Smart TVs and Home Appliances
  4. Amazon Great Republic Day Sale: Best Deals on Robot Vacuum Cleaners
  5. OnePlus 15T Lands on 3C Certification Database Ahead of Launch in China: Expected Specifications
  6. Crimson Desert Has Officially Gone Gold, Launch Set for March 19
  7. Acer Chromebook Spin 311, Chromebook 311 Launched With MediaTek Kompanio 540 CPU: Price, Features
  8. Samsung Galaxy S26+ Bags 3C Certification; Might Not Launch With Charging Upgrade
  9. Apple Could Turn Siri Into an AI Chatbot to Rival OpenAI, Google: Report
  10. Powerful X-Class Solar Flare Sends CME Toward Earth, Storms Possible
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.