They're looking for blood! Lookout Mobile Security has released a free app called Heartbleed Detector that checks to see whether an Android device is vulnerable to the Heartbleed bug.
The Heartbleed bug, a serious error in an encryption library called OpenSSL that makes it devastatingly easy to grab supposedly secure data, mostly affects Web and email servers. However, Android 4.1.1 (a.k.a. Jelly Bean) does use a vulnerable version of the OpenSSL software.
Heartbleed Detector checks to see if you're running a vulnerable version of Android, and whether the vulnerable extension to OpenSSL is enabled on your device. However, the app can't fix the bug: Google, device manufacturers or wireless carriers will have to release an update that patches the vulnerability in Android 4.1.1.
There are some things you can do if Heartbleed Detector tells you you're vulnerable. First, check to see if your Android has any available updates. Most of the devices from the biggest Android hardware creators, such as Samsung and HTC, can upgrade to Android 4.4 KitKat, and even updates to later versions of Jelly Bean, such as Android 4.1.2, 4.2 or 4.3, would fix the problem.
However, some older devices or devices from smaller manufacturers haven't received updates beyond Android 4.1, or simply don't have the hardware requirements to do so. If that's the case with your phone or tablet, there's little you can do, other than purchase a new device or stay clear of mobile banking, shopping and social-networking apps.
Lookout's Heartbleed Detector can't detect whether your apps or the websites you visit on your mobile device are affected by Heartbleed. Other tools exist for checking individual websites, such as Qualys' SSL test or LastPass' Heartbleed checker, which also tells you whether a site has renewed its security signatures.
No one has yet found evidence of anyone maliciously exploiting the Heartbleed bug on a mobile device, or anywhere else. Nevertheless, the bug is extremely serious, and now that it's known, cybercriminals will certainly not hesitate to take advantage of it on unpatched websites and systems.