Cell phone users could unintentionally put themselves at risk, like Which? Research reveals lack of update support relative to how long devices will last before needing to be replaced.
In an online survey of over 15,000 adults *, we calculated the ‘estimated lifespan’ of popular technologies and found huge differences between the length of time people keep their phones and the length of time they were upgraded. security day provided by manufacturers.
Research shows that a third of which? Members have kept their last phone for over four years, but with some brands offering crucial security updates for just over two years, many could unintentionally put themselves at risk.
Read on to see which brands update their handsets the longest, and what to do if your phone is no longer supported.
Our cell phone reviews clearly flag which models we believe are no longer supported.
The problem with unsupported phones
Security patches are important updates that make sure your phone is safe to use. Without them, there is an increased risk of malware, hacking, and personal data theft.
Exclusive Which one? research found that smartphones from brands like Apple, Samsung and Huawei were able to last six years or more before needing to be replaced due to defects or performance issues.
However, in many cases the software update cycles are far from that – some brands only guarantee security updates for two years, which means that a phone that is otherwise in good working order. presents an increased risk of being hacked.
How long will my mobile phone be supported?
Since there are currently no regulations on how long a phone is supported or on brand transparency, it can be difficult to say how long your new phone will stay secure to use. However, some brands are better than others.
Apple tends to lead the pack for update cycles. Its phones are typically supported for five to six years, so currently anyone on an iPhone 6s or newer will always have access to updates.
For other brands, two to three years are more typical. Google, OnePlus, and Nokia all guarantee security updates for at least three years.
However, brands don’t always treat all of their phones the same to keep older handsets safe. The Samsung Galaxy S8, which launched in March 2017, still receives updates, but the brand hasn’t always kept its cheaper models for that long.
Phones that are scheduled to update may also fall out of the update plan without warning, such as with the Xiaomi Redmi 6A. It launched in November 2018 and only received one MIUI (the brand’s customized version of Android) update before it was taken off the list.
Who? is committed to helping consumers protect their data. In our reviews, we clearly flag phones, like the Huawei P30 Lite and Sony Xperia L1, if we suspect that they are no longer receiving security updates from the manufacturer.
What to do if you are using an unsupported phone
If your phone says there is a new update to install, be sure to download it. You should always stay on top of updates to the phone, upgrading to the latest operating system (currently iOS 14 for Apple and Android 11) when it is released.
A broken phone might not get you into trouble right away, but you should start looking to upgrade your device. The older the phone, the higher the risk. So consider the typical five to six year cycle for iPhones and two to three years for Android handsets, and remember that this starts when the phone is released, not when you buy it. If you suspect that you are using an unsecured handset, you can reduce your risk until you can perform the upgrade:
- Download apps only from official app stores. You may be tempted to “sideload” an app that is not available on Google Play or the Apple App Store, but this carries an additional risk, as those apps may not go through regular security checks.
- Don’t download more than you need. Avoid “clutter”: Download only the apps you really need and try to stick with reputable app developers. Check how long an app has been around, and carefully review the reviews if you’re not sure.
- Use an antivirus application. This extra layer of defense is especially important if your phone is not receiving security updates. If you can’t find an app that works with your operating system, it’s definitely time to upgrade your phone.
- Pay attention to Phishing attempts. Spam emails, texts, and calls find more sophisticated ways to access your data. Beware of unexpected emails and texts that ask you to download an attachment or click on a website, and check for misspelled URLs and email addresses claiming to be legitimate businesses.
Read our guide to cell phone security for more detailed help and advice.
Who? calls for more transparency
Who? believes that brands should be more transparent with consumers about their update policies and practices, and communicate clearly when a device is no longer supported.
Without this transparency, many consumers are unsure whether using their phone or buying a used or refurbished device could put their data at risk.
The impact of this also has the potential to fuel the huge e-waste problem in the UK. Phones from the most trusted brands can last six years on average, but if the software can’t keep up, it’s not viable to keep a phone that long or sell it. By not extending their update cycles, smartphone brands are fueling digital obsolescence and preventing the most durable solutions at the end of a phone’s life.
The Department of Digital, Culture, Media and Sports has proposed new laws for the security of smart devices. If adopted, brands would be required to tell the point of sale how long you can expect your phone to receive security updates.
Who? calls on the government to move forward with this planned legislation and back it up with strict enforcement measures for companies that fail to follow through on promised security support plans.
* Survey conducted among 15,283 adults – members of Which? Panel Connect and members of the public – completed in July 2020. “Estimated lifespan” is based on the age of respondents’ current mobile phones in service and the length of time they have kept their previous one. The estimate takes into account the current and previous age of the product when it was replaced. Estimated lifespan only includes phones that were replaced because they were faulty, reduced performance, and other related issues, and does not include cell phones that were replaced because the respondent just wanted a new one. .