Check here:-Sites Vulnerable to Heartbleed. Google has said that nearly all versions of AOSP from 4.1 and up contain vulnerable versions of OpenSSL, but all except one had heartbeats turned off, so no one could attack these systems. Only Android 4.1.1 had the heartbeat feature turned on, so those devices are vulnerable. Moreover, some OEMs may have switched heartbeat feature back on in their phone’s software, which leaves them vulnerable too. So how does one check if your phone or any of the apps on it can fall prey to a HeartBleed attack?Check here:-Millions of android devices are vulnerable Security software company Bluebox has released a Heartbleed Scanner on the Google Play Store, which will quickly check whether your device is safe or not. If you recall, Bluebox had also stepped in with a similar tool after announcing the discovery of the major ‘Master Key’ Android vulnerability. The Bluebox Heartbleed Scanner can look for apps installed on your device that have bundled their own version of OpenSSL and checks the version of the library and whether heartbeat is enabled.It’s important that if you find any apps that do show a vulnerability, then you report it on the Play Store in the app’s review section and also shoot off an email to the developers. The emails are provided in the Play Store listing. You can continue using an app which is shown as vulnerable, though your data might not be all that secure, now that HeartBleed technique has hit the news and anyone can try to break in. Click here Download Heartbleed scanner