Click to Skip Ad
Closing in...

Android apps vulnerable to Heartbleed have been downloaded 150 million times

Published Apr 23rd, 2014 8:45PM EDT
Android Apps Heartbleed Bug

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Patching up Android to make sure it’s not vulnerable to Heartbleed is one thing. Patching all vulnerable Android apps, on the other hand, is quite another. Re/code draws our attention to a new study from research firm FireEye that claims there have been around 150 million downloads of Android apps that are vulnerable to the Heartbleed bug. And to make matters worse, the researchers say that the assorted “Heartbleed detectors” you can now find in the Google Play store will do little to help you root out vulnerable apps you’ve downloaded.

“Android apps frequently use native libraries, which either directly or indirectly leverage vulnerable OpenSSL libraries,” the researchers write. “Therefore, even though the Android platform itself is not vulnerable, attackers can still attack those vulnerable apps. They can hijack the network traffic, redirect the app to a malicious server and then send crafted heartbeats messages to the app to steal sensitive memory contents.”

Thankfully, there’s a silver lining to this: It looks like app developers are moving surprisingly quickly to patch their apps and to keep them safe from the Heartbleed vulnerability. When FireEye ran estimates on Android apps and Heartbleed vulnerabilities on April 10th, they found that apps vulnerable to the bug had been downloaded 220 million times. Just one week later when they ran their estimates on April 17th, that number had dropped to 150 million.

Brad Reed
Brad Reed Staff Writer

Brad Reed has written about technology for over eight years at BGR.com and Network World. Prior to that, he wrote freelance stories for political publications such as AlterNet and the American Prospect. He has a Master's Degree in Business and Economics Journalism from Boston University.