The Lookout Heartbleed Detector can be used to determine whether or not your Android device is vulnerable to the Heartbleed bug in OpenSSL. This app works by determining what version of OpenSSL your device is using. If your device is using one of the affected versions of OpenSSL, we then check to see if the specific vulnerable feature called heartbeats is enabled.

What is Heartbleed?

Heartbleed is a software flaw in the OpenSSL “Heartbeat” function that helps keep secure connections alive. This function was found to be vulnerable to manipulation in a way that allows an attacker to steal up to 64K of data at a time from the active memory of affected systems. The bug, found by researchers from Codenomicon and Google, and filed with the following reference number – CVE-2014-0160, impacts any infrastructure that includes the affected versions of OpenSSL.

Will this app fix the Heartbleed vulnerability?

This app is not meant to fix this vulnerability, as this will need to be patched by Google or your device manufacturer, and it is only meant to keep you informed about the status of your device. The good news is that Lookout has not yet seen the Heartbleed vulnerability exploited on a mobile device, but you can stay updated with the latest information on our blog at blog.lookout.com.

Does this tell me if my apps are affected?

No. This app will not detect if any of the services or accounts (the apps and websites you visit) on your device are vulnerable and is only meant to detect vulnerabilities in Android.

In other words, your operating system might be fine, but the websites you’re accessing might not. Look out for emails from companies with whom you have online accounts. If they needed to issue a patch, hopefully they will be alerting their consumer.

Click on above title to download.