Originally Posted by SiempreTuna
The vulnerability also affects clients, potentially including phones and tablets.
The Google site
Basically, if you're running 4.1.1 it may be worth contacting your phone manufacturer, otherwise your phone / tablet should be OK - though obviously, the servers you connect to may not.
Now I can claim to have been prescient! I wanted to avoid the Heartbleed thing, and THAT'S why I never got around to upgrading any of my Android devices above 4.0.4.
Having read a bit more on this, it occurs to me that you BEFORE you change your password on an affected site, you might want to ensure they've fixed the bug. If not, you'd potentially be exposing your new and old passwords to a watcher who didn't have the old one
This is a very good point. The problem I'm seeing is that people contacting sites end up with CSRs who don't even know what they're talking about. Think about the usual outcome of a random call to some place like Bank of America; you call their 800 number and get a menu of choices; none of those choices will take you to an IT-smart, up-to-the-minute informed tech person.