Upgrading from android 4.1.1 due to "heartbleed bug"

koolcat7 · Apr 26, 2014

Hi all. I am running 4.1.1 and have become aware my stock-rooted android version is at risk because of this latest "bug that affects SSL security. I like the "stock with goodies" rom that I have and want to keep everything the same as it is now. I read that you can flash an update file, but am concerned with the known issues this may cause. I cannot find any other custom rom that I like enough to want to switch to.

Android version: 4.1.1, Htc Sense 4+, Software version 3.16.651.3 710RD, HTC SDK API level 4.63, Baseband (Radio) 1.13.11.0830, Hboot 1.12 2222

TWRP version is 2.4.1.0

I want to stay rooted and be able to wifi tether without issues. Other roms I had issues with wifi tether among other things so Ive liked and stuck to this rom.

What would you do?

Sloth · Apr 26, 2014

Moved to Q&A

AarSyl · Apr 26, 2014

write.artie said:
Hi all. I am running 4.1.1 and have become aware my stock-rooted android version is at risk because of this latest "bug that affects SSL security. I like the "stock with goodies" rom that I have and want to keep everything the same as it is now. I read that you can flash an update file, but am concerned with the known issues this may cause. I cannot find any other custom rom that I like enough to want to switch to.

Android version: 4.1.1, Htc Sense 4+, Software version 3.16.651.3 710RD, HTC SDK API level 4.63, Baseband (Radio) 1.13.11.0830, Hboot 1.12 2222

TWRP version is 2.4.1.0

I want to stay rooted and be able to wifi tether without issues. Other roms I had issues with wifi tether among other things so Ive liked and stuck to this rom.

What would you do?

Before I give my input...what update file are you referring to? Was it an update file released from HTC, or from Google? Is it the 4.3 update that's been the latest rave around here (which is awesome, for the record)? Are you comfortable using Sense 5.0 (or 5.5)?

Sorry for all of the questions. While I can easily tell you that I would update, you don't seem very interested in doing so. Therefore, I need to know what you want, and you will get my educated answer.

koolcat7 · Apr 26, 2014

My goal is to not be vulnerable to this SSL bug. I have not tried sense 5.0 or 5.5. Apparently google released a file to update to 4.3.

aarsyl said:
Before I give my input...what update file are you referring to? Was it an update file released from HTC, or from Google? Is it the 4.3 update that's been the latest rave around here (which is awesome, for the record)? Are you comfortable using Sense 5.0 (or 5.5)?

Sorry for all of the questions. While I can easily tell you that I would update, you don't seem very interested in doing so. Therefore, I need to know what you want, and you will get my educated answer.

prw94 · Apr 26, 2014

koolcat7 said:
My goal is to not be vulnerable to this SSL bug. I have not tried sense 5.0 or 5.5. Apparently google released a file to update to 4.3.

I'm in the same boat running a 4.1.1-based ROM ... MeanBean ... that I would like to keep, too, because I like it a lot. I'm not in a hurry to change because I do no financial transactions on my phone, plus I have a complicating factor in that my Sprint device has been flashed to run on Page Plus, the Verizon MVNO, and I'm concerned that making a really drastic change like to 4.3 or 4.4 will break the flash and force me to get that redone (although the person I bought the phone from tested it and flash survived a factory reset in TWRP, so I'm feeling pretty good that wiping it's not going to be an issue).

I've done a Titanium Backup of my user apps and used TWRP to create a nandroid ... I'm a noob but I'm learning ... and I've downloaded Yankees 2450's Y14 Aroma 4.1.2-based app to my SD card and I'm planning to flash it at some point, "when I get around to it," as much to get in on the ROM fun as out of any concern over HeartBleed (although I won't deny that some concern exists). Maybe that's one you should consider, the reviews in the development section seem pretty solid, and again it doesn't seem like it would be a massive change, that's why I'm going with it.

koolcat7 · Apr 26, 2014

Thanks for your input. Im looking at that thread now
where 4.1.2 aroma roms are. There are quite a few versions.... not sure which would be best to try.

aarsyl said:
Before I give my input...what update file are you referring to? Was it an update file released from HTC, or from Google? Is it the 4.3 update that's been the latest rave around here (which is awesome, for the record)? Are you comfortable using Sense 5.0 (or 5.5)?

Sorry for all of the questions. While I can easily tell you that I would update, you don't seem very interested in doing so. Therefore, I need to know what you want, and you will get my educated answer.

prw94 said:
I'm in the same boat running a 4.1.1-based ROM ... MeanBean ... that I would like to keep, too, because I like it a lot. I'm not in a hurry to change because I do no financial transactions on my phone, plus I have a complicating factor in that my Sprint device has been flashed to run on Page Plus, the Verizon MVNO, and I'm concerned that making a really drastic change like to 4.3 or 4.4 will break the flash and force me to get that redone (although the person I bought the phone from tested it and flash survived a factory reset in TWRP, so I'm feeling pretty good that wiping it's not going to be an issue).

I've done a Titanium Backup of my user apps and used TWRP to create a nandroid ... I'm a noob but I'm learning ... and I've downloaded Yankees 2450's Y14 Aroma 4.1.2-based app to my SD card and I'm planning to flash it at some point, "when I get around to it," as much to get in on the ROM fun as out of any concern over HeartBleed (although I won't deny that some concern exists). Maybe that's one you should consider, the reviews in the development section seem pretty solid, and again it doesn't seem like it would be a massive change, that's why I'm going with it.

prw94 · Apr 26, 2014

koolcat7 said:
Thanks for your input. Im looking at that thread now
where 4.1.2 aroma roms are. There are quite a few versions.... not sure which would be best to try.

I downloaded the Y14 build which is the latest. I think 4.1.2 has the vulnerability but the actual HeartBleed bug hasn't been engaged as in 4.1.1.

koolcat7 · Apr 26, 2014

Ah, i just downloaded the Y14 as well, but if theres still vulnerability there im not sure id feel okay with that.

prw94 said:
I downloaded the Y14 build which is the latest. I think 4.1.2 has the vulnerability but the actual HeartBleed bug hasn't been engaged as in 4.1.1.

prw94 · Apr 26, 2014

koolcat7 said:
Ah, i just downloaded the Y14 as well, but if theres still vulnerability there im not sure id feel okay with that.

Well the Hisense Sero 7 tablet I'm using to post (running 4.2.1) "has the vulnerability," but it's safe because HeartBleed isn't enabled. It's only enabled on 4.1.1 from everything I've heard.

koolcat7 · Apr 26, 2014

Im going to give it a go now, and flash Y14.

prw94 said:
Well the Hisense Sero 7 tablet I'm using to post (running 4.2.1) "has the vulnerability," but it's safe because HeartBleed isn't enabled. It's only enabled on 4.1.1 from everything I've heard.

prw94 · Apr 26, 2014

koolcat7 said:
Im going to give it a go now, and flash Y14.

Let me know how it works for you, I need to go ahead and flash mine, as noted I'm concerned about HeartBleed but not over panicking based in my usage.

koolcat7 · Apr 26, 2014

So do you think this version 4.1.2 will ever have that ssl bug enabled? Im flashed and already having issues, only 1x signal and profile wont update =/

Activate this device does nothing as well. Even in WiFi settings, ALL networks show full bars, when i know many are very far away. Looks like im going back to my nandroid backup and decide what to do when i find more info. ALSO, 4G LTE did connect, but kept going away every 10 seconds or so, back to 1x which is not normal.

prw94 said:
Let me know how it works for you, I need to go ahead and flash mine, as noted I'm concerned about HeartBleed but not over panicking based in my usage.

prw94 · Apr 26, 2014

koolcat7 said:
So do you think this version 4.1.2 will ever have that ssl bug enabled? Im flashed and already having issues, only 1x signal and profile wont update =/

Activate this device does nothing as well. Even in WiFi settings, ALL networks show full bars, when i know many are very far away. Looks like im going back to my nandroid backup and decide what to do when i find more info. ALSO, 4G LTE did connect, but kept going away every 10 seconds or so, back to 1x which is not normal.

No, HeartBleed will not be enabled in anything save 4.1.1. You need to read up about the origin of this thing and the mechanism by how it is or isn't a threat.

Your only option is to go to a custom ROM that is not 4.1.1 based, or wait on HTC to issue the update for the stock ROM that they've promised, but have given no ETA for (and I wouldn't hold my breath).

I don't know if you have enough posts here to post on the development board ... that's another reason I've held off doing anything, although I'm getting close thanks to this thread ... but the developer of that ROM is very responsive to people with issues, and as I said the thing is very popular and seems pretty bulletproof from the response.

I promise I'm not his PR person, have never spoken to him, just found that ROM when I was looking for something that would be the least drastic change from what I'm running now, because of being flashed to Page Plus (which only gives me 3G, but I knew that going in). 4.3, you have to do more than just wipe and flash because of the partitions changes.

AarSyl · Apr 26, 2014

When I think about it, I don't see how changing the partitions on the phone will affect the functionality of the phone while using Page Plus. Maybe I'm looking at it incorrectly, but I don't reactivate my phone with Sprint every time that I flash a new rom, root it, change partitions, or anything at all. I could be wrong, though, for I have never flashed my phone to any other service.

prw94 · Apr 26, 2014

aarsyl said:
When I think about it, I don't see how changing the partitions on the phone will affect the functionality of the phone while using Page Plus. Maybe I'm looking at it incorrectly, but I don't reactivate my phone with Sprint every time that I flash a new rom, root it, change partitions, or anything at all. I could be wrong, though, for I have never flashed my phone to any other service.

I really don't know, thus my hesitance in my own situation. Had a "recommend a ROM thread locked because I was unaware that wasn't kosher, so I went back to the boards (which can be a daunting experience for a noob) and found that particular ROM and I've also downloaded CM10 stable.

Am basically just acclimating myself to this stuff (phone was rooted, running MeanBean and flashed to PP when I bought it, have never done any of this), learning how to use Titanium and TWRP to make backups, etc.

I''d be lying if I said HeartBleed wasn't a concern to me, but I'm not as panicked as the OP about it. I know I need to probably change, although I'm quite happy as is with MeanBean. Biggest priority aside from security is not having to spend $50 or so to get the phone reflashed to PP.

Sinistertensai · Apr 29, 2014

4.1.1 has three digits the ones that matter are the first two. 4.1.2 may still be vulnerable to heart bleed. As for flashing to page plus you can do that on your own for free there are guides for how to do this all over. The best bet for every one running below 4.3 is to update to a Rom that is 4.3+ also with that update comes many fixes for the most common phone issue one might have while running below 4.3. There are 3 fully functioning roms currently available for the evo running on the updated partitions. Sense 5.5 by chubbz and I captain's stock Rom. And vins viper 4.0 with sense 5.5. Now with all this knowledge I've given you go explore, test the waters jump in. And always remember to post a question Rom related after at least 1 hour of thread searching Google and running the basics of Rom flashing. Wipe caches, dalvik if all else factory reset.

Sent from my EVO using Tapatalk

prw94 · Apr 29, 2014

Thanks for the advice. I have searched threads, as noted I have been practicing to test the waters ... I have a Titanium Backup of my apps and a Nandroid of current system with MeanBean on my SD card so I'm comfortable with that. I think I'm pretty clear on wiping the phone ... although I thought the factory reset took care of everything, do you still need to wipe caches/dalvik after that? Searching the threads is where I picked up on the 4.1.2 ROM which seems to be pretty bulletproof stable, and as far as I know HeartBleed isn't enabled in 4.1.2. I was basically looking at that as an intermediate step, again just to dip my foot in the pool of ROM flashing before attempting anything more elaborate. The instructions for going to 4.3 are a bit more complicated than wipe, flash, reboot, and I'd prefer to learn to swim a little better before jumping off the high board. Same with the Page Plus flashing. I'm sure I could eventually figure out how to do it myself, problem is I use my phone pretty much perpetually for work and can't afford to have it out of service for a millisecond, so it's worth the cost to me to get it done right first time, although I'd rather not break the flash in the first place. I've gotten some advice from folks who do such flashing that 4.3 will break it, every time.

Sinistertensai said:
4.1.1 has three digits the ones that matter are the first two. 4.1.2 may still be vulnerable to heart bleed. As for flashing to page plus you can do that on your own for free there are guides for how to do this all over. The best bet for every one running below 4.3 is to update to a Rom that is 4.3+ also with that update comes many fixes for the most common phone issue one might have while running below 4.3. There are 3 fully functioning roms currently available for the evo running on the updated partitions. Sense 5.5 by chubbz and I captain's stock Rom. And vins viper 4.0 with sense 5.5. Now with all this knowledge I've given you go explore, test the waters jump in. And always remember to post a question Rom related after at least 1 hour of thread searching Google and running the basics of Rom flashing. Wipe caches, dalvik if all else factory reset.

Sent from my EVO using Tapatalk

koolcat7 · Apr 30, 2014

So, I talked to a friend of mine who knows alot about alot... and he assured me that you will only be susceptible to heartbleed attacks on open or public wifi spots. So this bug does not affect anything over 3G/4G, which puts most of my concerns at risk. So don't be too worried if you don't constantly connect to open wifi networks you cannot completely trust. In conclusion, im not too concerned anymore and am going to leave the android version alone.

prw94 said:
Thanks for the advice. I have searched threads, as noted I have been practicing to test the waters ... I have a Titanium Backup of my apps and a Nandroid of current system with MeanBean on my SD card so I'm comfortable with that. I think I'm pretty clear on wiping the phone ... although I thought the factory reset took care of everything, do you still need to wipe caches/dalvik after that? Searching the threads is where I picked up on the 4.1.2 ROM which seems to be pretty bulletproof stable, and as far as I know HeartBleed isn't enabled in 4.1.2. I was basically looking at that as an intermediate step, again just to dip my foot in the pool of ROM flashing before attempting anything more elaborate. The instructions for going to 4.3 are a bit more complicated than wipe, flash, reboot, and I'd prefer to learn to swim a little better before jumping off the high board. Same with the Page Plus flashing. I'm sure I could eventually figure out how to do it myself, problem is I use my phone pretty much perpetually for work and can't afford to have it out of service for a millisecond, so it's worth the cost to me to get it done right first time, although I'd rather not break the flash in the first place. I've gotten some advice from folks who do such flashing that 4.3 will break it, every time.

prw94 · Apr 30, 2014

koolcat7 said:
So, I talked to a friend of mine who knows alot about alot... and he assured me that you will only be susceptible to heartbleed attacks on open or public wifi spots. So this bug does not affect anything over 3G/4G, which puts most of my concerns at risk. So don't be too worried if you don't constantly connect to open wifi networks you cannot completely trust. In conclusion, im not too concerned anymore and am going to leave the android version alone.

OK good luck, still going to update mine as soon as I make the final call on which one to try. Decisions, decisions ...

Upgrading from android 4.1.1 due to "heartbleed bug"

Senior Member

Inactive RC / Retired Forum Moderator

Senior Member

Senior Member

Member

Senior Member

Member

Senior Member

Member

Senior Member

Member

Senior Member

Member

Senior Member

Member

Inactive Recognized Developer

Member

Senior Member

Member

Similar threads

Top Liked Posts