Downwardly mobile – Pre-owned devices good for the planet but vulnerable to being hacked

Pre-owned mobile phones offer a sustainable solution to a growing electronic waste problem but as many as three in 10 mobile phone models for sale on second-hand sites could be at risk of being hacked because they are no longer supported by the manufacturer, according to a new Which? investigation.

Consumers who want to make a sustainable choice or who don’t want to pay the steep price of many modern premium mobile phones may want to choose a pre-owned, refurbished version instead. Keeping devices in circulation in this way helps the environment, but with some phones losing important update support after a little over two years, this leaves future owners potentially using unsecure devices.

In a survey, the consumer champion found that most respondents (62%) said that they think a mobile phone is broken down for parts when it is sent for recycling, but in an investigation Which? found most phones are actually resold.

Looking through the listings on three popular mobile phone recycling websites, Which? found all were reselling mobile phones that, unknown to customers, are vulnerable to hackers because manufacturers can stop providing vital security updates after a couple of years.

Some of the phones being resold that are no longer receiving security updates include the Apple iPhone 5, Google Pixel XL, Huawei P10, Samsung A8 Plus (2018) and the Samsung Galaxy S7.

Which? found that almost a third (31%) of the mobile phone models on sale at second-hand goods chain CeX could be vulnerable because they are no longer supported by security updates.

This also applied to a fifth (20%) of the models Which? found on Music Magpie and one in six (17%) on SmartFoneStore. Both told Which? that these only accounted for a very small percentage of sales.

In response to the Which? investigation, Music Magpie has removed the unsupported devices Which? found from sale. It also says that going forward, it will provide information to consumers if a product is no longer receiving security updates.

SmartFoneStore also issued an update, adding a warning on unsupported devices so consumers are aware before they buy them. CeX did not provide a comment.

Recently out-of-support devices might not immediately have problems, but without security updates, the risk to the user of being hacked is increased. Generally speaking, the older the phone, the greater the risk.

The lack of robust, sustainable solutions for the disposal of mobile phones is an ongoing concern. With effective options in place to resell pre-owned devices, the potential is there to prolong their lifespans – but until manufacturers offer complete transparency about how long devices will be supported, and those offering only a couple of years of support do better, it is more difficult to take advantage of these services without putting consumers at risk.

Kate Bevan, Which? Computing editor, said:

“Keeping mobile phones in circulation for longer is better for the environment but it shouldn’t come at the cost of customer security. Unless manufacturers become more transparent, and those offering vital updates for only a couple of years do better, there is a risk that second-hand phones will be vulnerable to hackers or end up dumped in a landfill site.

“If your mobile phone is no longer receiving security updates you should consider upgrading as soon as possible. While you continue to use an out-of-support device, you must take steps to mitigate the risks – including using mobile antivirus software, managing app permissions and only downloading from official stores.”

ENDS

Notes to editors:

To help consumers make informed buying decisions, Which? clearly flags phones that are no longer supported in its reviews.

Investigation –

Which?’s investigation was conducted online and analysed the listings on three websites – CeX, Music Magpie and SmartFoneStore (operates under CMR Ltd, which owns Fonebank) – to see which phones were on sale (results correct as on 26 May).

Survey –

In an online survey of 1,251 Which? members in May, 62% said they think a mobile phone is broken down for parts when it’s sent for recycling.

Background stats –

  • Music Magpie told Which? it refurbishes 95% of the products it receives from consumers, all of which are resold in the UK. It sells more than 250,000 phones a year.
  • CeX said the overwhelming majority of phones are resold in the UK – it sold approximately one million phones in 2019.
  • SmartFoneStore, which sources phones from businesses and retailers, told Which? sells around 2,000 per month.

Warranty – All three retailers, perform a range of checks – from screen and sound tests to cosmetic grading before reselling any device allowing them to offer a warranty – 24-months for Cex, MusicMagpie and SmartFoneStore offer 12.

Right to repair –

There are rules on the management of e-waste. Sellers of electrical and electronic equipment (EEE) within the European Union must provide ways for customers to dispose of their old household device when they sell them a new version of the same product.

And in October 2019, the EU adopted new Right to Repair standards, which means that from 2021 firms will have to make appliances – including, mobile phones, tablets and laptops – longer-lasting, and will have to supply spare parts for machines for up to 10 years.

The UK government has pledged to “match and even exceed EU eco-product regulations” post-Brexit.

RORs –

Music Magpie

“We thank Which? for notifying us of this issue and believe that this is an important matter across the industry.

“The positive environmental impact of keeping older devices in circulation is significant and we think manufacturers should strive to enable this by keeping the operating systems up to date, as they do with newer devices.

“While we thoroughly look into it, we have made the decision to remove all of the stated devices from our store. These devices account for less than 1% of our stock and less than 1% of our sales, so while not a significant number, we still want to ensure we provide the correct messaging and advice to customers where these devices are listed, so that they can then make a better-informed decision on their purchase.”

Smartfonestore

SmartFoneStore did not provide Which? With a formal statement but also issued an update, adding a warning on unsupported devices so consumers are aware before they buy them and provided the below screenshot.

CeX

CeX did not respond to Which?’s query

Press Release: , , , , , , , , ,