Google patches Heartbleed across services, but millions of Android devices remain at risk

Google has moved to patch up its apps and services to protect them against the Heartbleed bug, and the company has said that its mobile OS is immune – save for one particular version of Android.

Google was quick to respond to the news of the bug breaking last week, as you'd expect, and swiftly applied patches across its major services including Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Google Earth (oh, and that search engine thing it has, too).

Related: How worried should you be about the Heartbleed bug?

Mountain View also noted that Android was immune to the Heartbleed flaw, save for one exception – Android 4.1.1.

That is, of course, a problem because patching Android isn't quite as simple as Google's other services. Google can concoct the patch swiftly enough, but getting it out to handset manufacturers and network operators, and subsequently rolled out to devices is a notoriously time consuming process. And that's time which they don't have now knowledge of the bug is widespread...

How many folks are still using Android 4.1.1? According to the latest stats from the Android developer page, 34 per cent of users are running Jelly Bean 4.1.x, and it's by far the most-used version of Google's OS.

Not all of those will be running version 4.1.1, but that still represents a big chunk of users – according to Bloomberg Google says it's less than 10 per cent of active Android users, but that could be up to 90 million folks.

While you're here, you might also want to have a read of our closer look at how Heartbleed actually works.

Read more: Heartbleed and your passwords: An in-depth guide to what action you should take