Mobile Phone Brands Put Customers at Risk with Inadequate Update Support

Mobile phone users could be unknowingly putting themselves at risk, as Which? research reveals the shortfall in update support compared to how long devices last before they need to be replaced.

In an online survey of over 15,000 adults*, we calculated the “estimated lifespan” of popular technology and found huge differences between the length of time people hold on to their phones and the length of time manufacturers provide security updates.

Research shows a third of Which? members kept their last phone for more than four years, but with some brands only offering critical security updates for just over two years, many could be unknowingly taking a risk.

Read on to see which brands are updating their phones the longest and what to do if your phone is no longer supported.


Our mobile phone reviews clearly mark models that we suspect are no longer supported.


The problem with unsupported phones


Security patches are important updates that help ensure your phone is safe to use. Without them, there is an increased risk of malware, hacking, and personal data theft.

Exclusive Which? research found that smartphones from brands like Apple, Samsung and Huawei were capable of lasting six years or more before they needed to be replaced due to failures or performance issues.

In many cases, however, software update cycles fall well short of this: some brands only guarantee security updates for two years, meaning a properly working phone is at higher risk of being hacked.

How long will my mobile phone be supported?

As there is currently no regulation on how long phones have to be supported or how transparent brands have to be, it can be difficult to say how long your new phone will remain safe to use. However, some brands are better than others.

Apple tends to lead the pack for update cycles. Its phones are typically supported for five or six years, so currently anyone with an iPhone 6s or later will still have access to updates.

For other brands, two or three years is more typical. Google, OnePlus and Nokia guarantee security updates for a minimum of three years.

However, brands don’t always treat all their phones equally when it comes to keeping older phones safe. The Samsung Galaxy S8, which launched in March 2017, is still getting updates, but the brand hasn’t always kept its cheaper models updated for as long.

Phones scheduled to receive updates may also be dropped from the update schedule without notice, as with the Xiaomi Redmi 6A. It launched in November 2018 and only received an update to MIUI (the brand’s custom version of Android) before being delisted.

Which? is committed to helping consumers keep their data safe. In our reviews, we clearly mark phones, such as the Huawei P30 Lite and Sony Xperia L1, if we suspect that they no longer receive security updates from the manufacturer.

What to do if you use a phone without support


If your phone says there is a new update to install, make sure to download it. You should always stay on top of phone updates, moving to the latest operating system (currently iOS 14 for Apple and Android 11) when it’s released.

An unsupported phone may not cause you problems right away, but you should start looking to upgrade your phone. The older the phone, the higher the risk, so consider the typical five to six year cycle for iPhones and the two to three year cycle for Android phones, and remember that this starts when the phone is released, not when you buy it. If you suspect you’re using an unsecured phone, there are steps that can help reduce your risks until you can upgrade:

  • Only download apps from official app stores. It may be tempting to “download” an app that isn’t available on Google Play or the Apple App Store, but it carries additional risk, as these apps may not go through the usual security checks.
  • Don’t download more than you need. Avoid ‘clutter’: only download the apps you really need and try to stick with trusted app developers. Check how long an app has been around and browse reviews if you’re not sure.
  • Use an antivirus application. This extra layer of defense is particularly important if your phone doesn’t receive security updates. If you can’t find an app that works with your operating system, it’s definitely time to update your phone.
  • Be alert to identity fraud attempts. Spam emails, texts and calls are finding more sophisticated ways to gain access to your data. Beware of unexpected emails and text messages asking you to download an attachment or click through to a website, and check for misspelled URLs and email addresses claiming to be legitimate companies.

Read our guide on mobile phone security for more detailed help and advice.

Which? calls for more transparency

Which? believes brands should be more transparent with consumers about their update policies and practices, and clearly communicate when a device will no longer be supported.

Without this transparency, many consumers have no idea if using their phone or buying a second-hand or refurbished phone could put their data at risk.

The impact of this also has the potential to fuel the UK’s huge e-waste problem. Phones from the most trusted brands can last six years on average, but if the software can’t keep up, it’s not feasible to keep a phone that long or sell it. By not extending their refresh cycles, smartphone brands are fueling digital obsolescence and avoiding the most sustainable end-of-life solutions for a phone.

The Department for Digital, Culture, Media and Sport has proposed new laws for the security of smart devices. If approved, brands will need to indicate at the point of sale how long customers can expect a phone to receive security updates.

Which? is calling on the government to go ahead with this planned legislation and back it up with strong enforcement measures for businesses that fail to deliver on their promised security support plans.


*Survey of 15,283 adults (members of the Which? Connection Panel and members of the public), conducted July 2020. “Estimated lifespan” is based on the age of respondents’ current working mobile phones and how long they kept the old one. The estimate factors in the current age and the previous age of the product when it was replaced. Estimated lifespan only includes phones that were replaced because of faults, decreased performance and other related issues, and does not include mobile phones replaced because the respondent simply wanted a new one.
