Last week’s most important news was the discovery of a bug named ‘Heartbleed’, an OpenSSL vulnerability used by thousands of servers, programs and applications that could allow third parties to steal your valuable data by intercepting connections considered to be safe. Most web services claim they have already patched their software, but mind you, there are still many companies and web services that have not yet spoken about their patching status, which only adds insult to the injury.
There are many online tools that can help to diagnose what services are secure or not, but let’s not forget that Android itself uses OpenSSL (along with a good bunch of apps) and this is where these three Heartbleed Scanner apps come into play.
The purpose of these apps is simple: they scan your device to check your Android version and determine what version of OpenSSL is being used. After the scan, they will show a report in which you will see if your device is vulnerable to this bug. The following three tools are completely free, very small sized and they detect vulnerabilities in a matter of seconds.
Bluebox Heartbleed Scanner will perform a scan on your system and on the libraries of each application to check if they are secure or affected by the bug.
CMSecurity Heartbleed Detector is another app that will detect whether your system and installed apps are vulnerable to the OpenSSL bug.
Lookout Heartbleed Detector is a very good and fast scanner that will scan your system for the OpenSSL vulnerability. It won’t scan apps, though.
All these apps’ sole purpose is reporting if your system or apps are vulnerable to the Heartbleed Bug. They won’t attempt to fix or patch them, as it is the developers’ responsibility to update and patch their respective apps. It is up to you to keep a vulnerable app installed and wait for an update from the developer, or uninstall it altogether.
Free Mobile Apps of the Week
1. Bluebox Heartbleed Scanner
For Android 2.3.3 and up
Size: 35 KB
Download: https://play.google.com/store/apps/details?id=com.bblabs.heartbleedscanner
2. CMSecurity Heartbleed Detector
For Android 2.2 and up
Size: 280 KB
Download: https://play.google.com/store/apps/details?id=com.cleanmaster.security.heartbleed
3. Lookout Heartbleed Detector
For Android 2.2 and up
Size: 219 KB
Download: https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector
Get your own favorite app published! Know a free and neat app? Then why not have it published here and receive full credit? Click here to tell us your suggestion.
Click here for more items like this. Better still, get the latest articles about mobile apps delivered daily via your RSS feeder or alternatively, have the RSS feed sent as email direct to your in-box.
We are looking for people with skills or interest in the following areas:
Comments
I just used both Bluebox and CM on my Galaxy Fame running 4.1.2 and find Bluebox to give fuller results. It states that the phone is running OpenSSL 1.0.1c but heartbeats are disabled so it is safe, and that one app (Virginmedia Smartcall) is using 1.0.0a and advises contacting the developer for further advice.
In contrast the CMSecurity app gives no information on the OpenSSL version on the phone and simply lists all the apps present with all marked safe.
First impressions would tend to suggest going with Bluebox.
I tried all three suggested apps. Curiously I found a difference between Bluebox Heartbleed Scanner and CMSecurity Heartbleed Detector. heartbat scanner declared that Navfree contains openSSL 1.0.1f with heartbeats enabled and therefore vulnerable. But CMSecurity found no such danger in Navfree.
Having tried both apps I thought it responsable to report my findings to the community.
Your answer is perfectly logical and corresponds to what I figured out.
Thanks.