Heartbleed is a critical bug in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL’s implementation of the TLS/DTLS heartbeat extension. This allows attackers to read portions of the affected server’s memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal. Around 34.4% of Android devices in use today are running the Android 4.1.1 version of OpenSSL.
Source: https://thehackernews.com/2014/04/billions-of-smartphone-users-affected_13.html