Skip to main content

Android Update Patches OpenSSL Bug

Thanks to a minor system update, Android users can now rest a bit easier. Android version 4.4.4 patches an exploitable OpenSSL flaw, making mobile devices much safer from potential security breaches.

Ars Technica gathered a few separate points of data on the update, which Google unveiled very quietly. The new update brings Android's version up to 4.4.4, and goes by the charming, easy-to-remember name of KTU84P.

MORE: 13 Security and Privacy Tips for the Truly Paranoid

Only Google's own Nexus devices have access to the update at present, which Nexus owners can either download from the Google Developers page or wait until it hits their devices automatically within the next few weeks. In our own tests, we found that a Nexus 10 had not yet received the update, and did not find it when we prompted it to search.

Android 4.4.4 addresses a vulnerability in the OpenSSL protocol. In layman's terms, OpenSSL is a common method that websites and programs use to encrypt user information. A security flaw dubbed CVE-2014-0224 was able to exploit a piece of OpenSSL code that allowed it to decrypt user information while it was in transit online between the user and the receiving party. The new Android update will render that particular bug moot.

According to Sascha Prüter, an Android engineer at Google, the update will also address a number of other minor security concerns. Android developers can expect to see an open source version of the code within the next two days.

All in all, 4.4.4 is not the most exciting update you'll ever install on your Android device, but it may help keep you safe when the next big security breach hits. Those who don't have Nexus devices will have to wait, though. Generally, mobile providers wait much longer than Google to provide Android updates, and for older phones, they may not provide updates at all.

Follow Marshall Honorof @marshallhonorofand on Google+. Follow us @tomsguide, on Facebook and on Google+.