Security Update Cut-Off Puts Phones At Risk

John Lister's picture

A consumer group has warned a time limit on updates could mean phones become a security risk before they wear out. The group wants laws to make it clearer how long devices will receive support.

The warning comes from Which?, a British organization similar to Consumer Reports in the US. It surveyed 15,000 people about how long they kept their phones. The questions covered how long people had been using their current phone, whether it was newly manufactured when they got it, and how long they had used their previous handset. The calculations only took account of handsets that were replaced because they had broken or worn out, rather than those ditched simply to upgrade to a new model.

Phones May Outlast Security Patches

The survey found a third of people keep a phone for more than four years, while it's perfectly feasible that major brand handsets can last six years without needing a replacement. The problem, according to Which?, is that some phone manufacturers and operating system developers only issue security updates for as little as two years.

Which? noted that Apple iPhones tend to get five or six years of security updates, while many leading Android manufacturers get at least three years of updates. However, cheaper models - including from big name companies - may stop getting patches earlier than this.

According to Which?, users shouldn't necessarily ditch a phone just because it no longer gets security updates. However, it says users need to take extra precautions in this scenario such as only downloading strictly necessary apps, sticking to recognized developers and official app stores, and using antivirus software. (Source:

Old Handsets Ditched Too Early

The organization says manufacturers should tell users buying a new device how long they can expect to get security updates. It warns that not only are users put at security risk, but they may be more likely to dispose of handsets that still physically work - something that's great for manufacturers, but not so much for consumers or the environment.

The British government has proposed making it a legal requirement to tell device buyers about the support deadlines. Which? says the government should not only make the law but apply it to phones, strongly enforce it and act against manufacturers who don't live up to their promised timetables. (Source:

What's Your Opinion?

Have you owned a phone that no longer receives security updates? Would you like to see laws in your country to force manufacturers to make promises for support timetables? Would an increased security risk make you replace a phone that was still working well?

Rate this article: 
Average: 4.3 (7 votes)


crackberrymeister_3399's picture

And that, Dennis, is why I and my family switched from the Android ecosystem to the Apple system some years ago. Paying the additional money for the hardware was a an acceptable tradeoff for keeping my phones longer. My wife is still rocking her iPhone 7 on iOS 14.2 with no issues. I still use my iPhone 7 as a back up to my 10R and it is on iOS 14.3 with no issues having started life on iOS 9 if I recall correctly.

Chief's picture

While I would appreciate a manufacturer stating the expected end date on support, once the phone is mine, it is my responsibility for maintenance, and definitely not big brother's.

I've never been an early adopter, and I don't appreciate anyone telling me what I can or cannot do with my equipment.

This could spawn an entire industry - just like these companies who "guarantee" paying for your car repairs.

beach.boui's picture

I agree, if Chief wants to use an obsolete, insecure and unsafe operating system on his phone, he should not be told by anyone that a security update is available for his phone. He should be allowed to exacerbate the OS fragmentation issue by refusing updates to his dinosaur OS. Progress be damned! Ingenuity and online security be damned! Covid is only the flu and it will be all gone by last Easter! Who needs a vaccine... or a an updated, secure operating system on their personal phone! I don't want anyone covering my back! Ugh.

russoule's picture

once again beach boui brings politics into a discussion. sorry beach boui, but this has little to do with politics and your TDS.

when I purchase an automobile, I expect it to last for as long as I maintain it. but I also expect the manufacturer to keep parts available so that it CAN be maintained. if I had to go out every 2 or 3 years to purchase a new automobile, I would be pretty disgusted.

the same philosophy applies to those pieces of electronic devices that provide telephone service. I certainly don't NEED an "an updated, secure operating system on their personal phone!" just to make cell-phone calls. but if beach boui chooses to spend his hard-earned dollars on such an update, he certainly is entitled to. myself? I prefer to do my computer work on a COMPUTER instead of 2020 version of Alexander Graham Bell's invention.