These Android, iOS, and WP8 apps are affected by the Heartbleed Bug (updated)

hacking team tools government hack smartphones heartbleed phone smartphone mobile v2

The Heartbleed bug is real, and it is not good. Unfortunately, the OpenSSL vulnerability that is causing us all headaches doesn’t just exist within websites, but also within mobile apps because many of them access the same servers that their website counterparts do. Android tablets and phones that run version 4.1.1 are also vulnerable. Google told DT over email that it believes that use of Android 4.1.1 is at “single digit percentages,” but that still means that up to 100+ million phones and tablets are vulnerable to the bug.

Updated on 4-15-2014 by Williams Pelegrin: GrubHub is not affected by the Heartbleed bug. Its status has been updated to reflect that.

Updated on 4-14-2014 by Williams Pelegrin: Added Box, Flickr, and Groupon apps. Also added updates for BlackBerry, Netflix, and TurboTax.

Updated on 4-11-2014 by Williams Pelegrin: Added GitHub and BlackBerry apps, updated Etsy with a statement, and included statements from Apple and Microsoft pertaining to their mobile operating systems.

Updated on 4-10-2014 by Josh Sherman: Added some more apps and a warning about in-app payment services that many apps use.

Before you begin, please read our How to Protect Your Device from Heartbleed Guide. It will explain more about the Heartbleed bug. We also have a robust list of Websites Affected by Heartbleed and Video Game Services Affected by Heartbleed.

Below, we’ve started a list of affected apps. This list is cross platform, so it affects all users. There are several million apps on the iTunes App Store, Google Play, Windows Phone Store, and Windows Store, but we have to start somewhere. Keep in mind that you should not change your password until a fix is issued for a service. Once it is, you’ll want to log out of your mobile app for a few minutes, change the password, and log back in. Remember that you can also enable two-factor authentication on many apps and services, which helps protect your account even if your password is compromised. Remember also that you can still use an app while it’s vulnerable, but that you should change the password once a fix is issued.

About in-app payments: We should note to readers that many apps on your devices use in-app payment systems powered by Apple, Google or Microsoft, depending on which OS you use. Both Apple’s and Microsoft’s system have been unaffected. Google’s in-app payment system has been fixed and you should change your Google/Android password if you use the Google Play Store. Remember that this vulnerability can only affects apps you log into, and most greatly affects those you can make transactions or bill to your credit card with.

About mobile operating systems: According to Apple, iOS did not incorporate “the vulnerable software.” Meanwhile, Microsoft says that Windows Phone does not use OpenSSL, while BlackBerry says its core products, which include BlackBerry smartphones, were not affected. In general, Android is not affected, though, as previously mentioned, Android devices running 4.1.1 are affected.

For those with Android devices, we recommend downloading the Bluebox Heartbleed Scanner. It quickly checks whether your device is safe or not, as well as the apps that are on your device.

We will update this list constantly and flesh it out over the coming days and weeks.

 

Status

Source

Advice

AOL apps UNAFFECTED Was not running affected software -Mashable. Includes services such as AIM, AOL app and more. YOU’RE GOOD
Amazon UNAFFECTED “Amazon.com is not affected.” -Mashable. Includes apps such as Amazon, Audible, Kindle, Amazon MP3 and Amazon App Store YOU’RE GOOD
Apple and iOS UNAFFECTED “iOS and OS X never incorporated the vulnerable software and key web-based services were not affected.” -Mashable. Includes in-app payment system for iOS devices. YOU’RE GOOD
Banking Apps (Most) UNAFFECTED Chase Bank, Citi, Capital One, Bank of America, TD Bank, U.S. Bank and Wells Fargo all state they have not been affected. If yours is not listed assume it is possibly at risk and contact your bank for more information YOU’RE GOOD
Best Buy UNAFFECTED GitHub/Filippo YOU’RE GOOD
BlackBerry apps VULNERABLE BlackBerry will roll out a patch for Android and iOS users of BlackBerry Messenger shortly. BBM on Android/iOS and Secure Work Space for Android/iOS are affected. WAIT
Bitcoin UNAFFECTED Bitcoin was patched to address the OpenSSL issue, but it has no affect on your locally stored passwords and wallets on your device. YOU’RE GOOD
Box FIXED “We’re currently working with our customers to proactively reset passwords and are also reissuing new SSL certificates for added protection CHANGE PASSWORD NOW
Dropbox FIXED “We’ve patched all of our user-facing services & will continue to work to make sure your stuff is always safe.” – Mashable CHANGE PASSWORD NOW
eBay UNAFFECTED “When you login to eBay using your user name and password these details were not exposed to the OpenSSL vulnerability.” – Mashable YOU’RE GOOD
Etsy FIXED Part of its infrastructure was vulnerable, though it has been patched. CHANGE PASSWORD NOW
Evernote UNAFFECTED Evernote reports that it does not use OpenSSL to secure its Evernote app services. YOU’RE GOOD
Fandango OTHER Not affected by Heartbleed, but has been accused of not verifying SSL security. You should change your password anyway. CHANGE PASSWORD NOW
Facebook apps FIXED “We added protections for Facebook’s implementation of Open SSL before this issue was publicly disclosed.” Also includes services that use your Facebook account to log in, such as Spotify. CHANGE PASSWORD NOW
Flickr FIXED   CHANGE PASSWORD NOW
GitHub apps FIXED There are no official GitHub apps, though Gitty and iOctocat are third-party clients that make extensive use of GitHub’s API. GitHub patched the vulnerability, and asked users to change their passwords, enable two-step authentication, and “revoke and recreate personal access and application tokens.” – Mashable CHANGE PASSWORD NOW
Google apps and Android FIXED “We have assessed the SSL vulnerability and applied patches to key Google services.” – Mashable. Includes all Google accounts, services and in-app payment system. CHANGE PASSWORD NOW
Groupon UNAFFECTED “Groupon.com does not utilize a version of the OpenSSL library that is susceptible to the Heartbleed bud” – Mashable YOU’RE GOOD
GrubHub UNAFFECTED It is “secure and not vulnerable to the Heartbleed bug.” YOU’RE GOOD
Hulu FIXED CNN Money CHANGE PASSWORD NOW
Instagram FIXED “Our security teams worked quickly on a fix and we have no evidence of any accounts being harmed.” CHANGE PASSWORD NOW
LinkedIn  UNAFFECTED “We didn’t use the offending implementation of Open SSL…” – Mashable YOU’RE GOOD
Lookout Security UNAFFECTED Lookout reports it has been unaffected by the security flaw YOU’RE GOOD
LastPass UNAFFECTED LastPass was unaffected but websites you use LastPass with may have been. Your master password is safe. YOU’RE GOOD
Microsoft apps UNAFFECTED “Microsoft Services were not affected” -LastPass. Includes all services such as Bing, Skype, payments in the Windows Store app, etc. YOU’RE GOOD
Netflix FIXED “Like many companies, we took immediate action to assess the vulnerability and address it.” CHANGE PASSWORD NOW
Pandora UNAFFECTED Reported as not vulnerable to Heartbleed YOU’RE GOOD
Paypal UNAFFECTED “Your PayPal account details were not exposed in the past and remain secure.” – PayPal  YOU’RE GOOD
Pinterest FIXED LastPass  CHANGE PASSWORD NOW
Snapchat UNKNOWN Reported as not vulnerable to Heartbleed WAIT
Steam FIXED Appeared on Git 10,000 vulnerable list – now fixed according to Heartbleed tester CHANGE PASSWORDS NOW
Stripe FIXED This payment service patched its system and recommends you change your password. CHANGE PASSWORDS NOW
Target UNAFFECTED Does not “currently believe that any external-facing aspects of our sites are impacted by the OpenSSL vulnerability” – Mashable YOU’RE GOOD
TurboTax UNAFFECTED “TurboTax engineers have verified TurboTax is not affected by Heartbleed.” It is “not proactively advising you to do so,” but better safe than sorry.  – Full Statement CHANGE PASSWORDS NOW
Tumblr FIXED “We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.” – Mashable. Tumblr still recommends you change your password. CHANGE PASSWORDS NOW
Twitter UNAFFECTED “We were able to determine that [our] servers were not affected by this vulnerability” – Twitter YOU’RE GOOD
Walmart UNAFFECTED “We do not use that technology so we have not been impacted by this particular breach.” – Mashable YOU’RE GOOD
Wikipedia FIXED “The vulnerability has now been fixed on all Wikimedia wikis” – Only affects you if you login at Wikipedia.org CHANGE PASSWORDS NOW
WordPress UNKNOWN It has “addressed the Heartbleed OpenSSL exploit,” but no word as to when its SSL certificates will be replaced and when you can change your passwords. It was  WAIT
XDA Developers FIXED Appeared on Git 10,000 vulnerable list – now fixed according to Heartbleed tester CHANGE PASSWORDS NOW
Yahoo apps FIXED Yahoo Homepage, Search, Mail, Finance, Sports, Food, and Tech were patched. More patches on the way. – Mashable. Flickr has also been patched. CHANGE PASSWORDS NOW

Originally published on 4-10-2014.

Computing

FCC proposal could help Google Fiber roll out to more cities

Gigabit internet could get a boost in the U.S. if the FCC votes to approve a new proposal affecting how utility poles are managed. This could help new service providers, like Google Fiber, rapidly deploy its fast internet service.
Mobile

Google is replacing some Pixel 2 handsets due to faulty rear cameras

Google’s Pixel 2 smartphones have plenty to recommend them, but they’re not perfect. We've rounded up the most common Pixel 2 issues and Pixel 2 XL problems here and identify workarounds or fixes to help you cope with them.
Mobile

How to improve your Android privacy

If you have an Android device and you’re concerned about your privacy, then we have a few tips for you. Learn about the settings you can change to improve your Android privacy and safeguard your personal data.
Mobile

Visual snapshots on Google Assistant provides your day at a glance

Google's artificially intelligent bot, Google Assistant, is available on smart home speakers, smart home devices, iOS and Android phones, and it can do a whole lot of work on your behalf. Here are all of its features.
Android Army

From Oreo to Jelly Bean, here's how to turn off notifications in Android

If you're sick of spam Android notifications, then identify the apps responsible and get rid of them. We explain how to find offending apps and turn off notifications in Android, no matter what version you're running.
Mobile

Apple fixes its battery drain issue with iOS 11.4.1 update

Apple's iOS 11 is the latest version of the company's mobile operating system, but it still has some issues to be worked out. We've searched the internet to find the biggest iOS 11 problems, along with some potential solutions.
Computing

You can use Chrome OS on a tablet, but it’s not an iPad competitor yet

We took a look at the first Chrome OS tablet to hit the market, the Acer Chromebook Tab 10, to see just how Google's lightweight tablet runs on a touch-only device thanks to a few new tablet-centric features.
Mobile

These are the best video chat apps to help you stay in touch

Though still relatively new, video chat apps can help you connect with people from around the world. Here are our personal favorites to help you keep in touch regardless of smartphone OS.
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Computing

Ripple is a different kind of cryptocurrency. Here's how to buy it

Need to know how to buy Ripple? You've come to the right place. In this guide we'll walk you through the process step by step, as well as offer an alternative for those who want to get more hands-on with their trades.
Mobile

The world can be your oyster with a little help from the best travel apps around

Traveling doesn't need to be a time-consuming nuisance. Our handpicked selection of the best travel apps will keep things simple, whether you need cost comparisons for hotels or directions to renowned eateries.
Mobile

Apple's third iOS 12 beta may help you save a lot of data

At this year's Worldwide Developer Conference, Apple unveiled its latest operating system, iOS 12. From app updates to group FaceTime, ARKit 2.0, and more, here are all the new features in iOS 12.
Mobile

Only Google should be mad about having to change Android

Google has been hit with a massive fine in a landmark antitrust case in Europe, and has been told to change the way it manages its Android operating system, or face a heavier financial hit.
Computing

Here’s how to easily log in to multiple Gmail accounts at once

Switching between multiple Gmail accounts is quick and easy once you know how to do it. We'll walk you through the process of logging in to multiple Gmail accounts on your phone and computer.
Mobile

Split your Uber charges with friends more easily than ever with Venmo

After noting that more than six million Venmo transaction descriptions included the word "Uber," the PayPal-owned app, Venmo, decided to help users cut down on the number of steps needed to repay friends. 
Mobile

We tried all the latest and greatest smartphones to find the best of 2018

Smartphones are perhaps the most important and personal piece of tech on the planet. That’s why it’s important to pick the best phone for your individual needs. Here are the best smartphones you can buy.
Mobile

Samsung patent shows 'hidden display' on Galaxy X foldable smartphone

Samsung has been showcasing bendable display technology for a few years now and a folding smartphone might finally become a reality. The Galaxy X may be the company's first example, and here's everything we know about it.
Mobile

Android Q will likely make its way to the Essential Phone in 2019

The Essential Phone (PH-1) was one of the best-reviewed phones of 2017, and it comes from Andy Rubin, the co-creator of Android itself. It has a striking design with a bezel-less display and the price is now down to $500.
Mobile

The Xiaomi Mi Max 3 has a tablet-sized screen and a huge battery

Do you need a phone that's around the size as your head? Then check out the Xiaomi Mi Max 3, Xiaomi's latest addition to its huge Mi Max range. Here's everything you need to know.
Mobile

OpenSignal names T-Mobile the best mobile network in almost all categories

According to the latest OpenSignal report, T-Mobile takes first place for fastest 4G download speed. In comparison to its competitors, the carrier also snagged the top spots in almost all other categories.
Mobile

Get your moon boots ready: Samsung’s new VR experience launches you into space

For the next year, Samsung will let you simulate walking on the moon, thanks to the Gear VR, Galaxy S9 Plus, and a complicated harness system that was developed in partnership with NASA.
Mobile

Fuchsia could eventually replace Android, but it's years away from doing so

Details have emerged about a new operating system Google's developers are working on dubbed Fuchsia OS. Here's everything we know about Google's mysterious new operating system so far.