Mobile phone brands putting customers at risk with inadequate update support, Which? reveals

Many mobile customers keep their phones for up to six years, but users could unwittingly be putting themselves at risk of being hacked as some brands only provide security updates for a little over two years, research from Which? has found.

In a survey of more than 15,000 Which? members, the consumer champion calculated the ‘estimated lifetime’ of popular tech and found huge gaps between the length of time people are holding on to their phones and the duration of security updates provided by manufacturers.

These gaps mean that despite handsets appearing to work as normal, users could be putting themselves at risk of data theft or having their phones infected with ransomware and a range of other malware attacks that could leave them facing bills for hundreds of pounds.

The Which? survey found the most common reason for replacing an old phone, reported by two in five (41%) people, was that they wanted a newer model – after an average of three and a half years. However, the research shows that a third of people (32%) kept their handset for more than four years.

Handsets from brands like Apple, Samsung and Huawei were found to be capable of lasting six years or more before they needed replacing due to faults or issues with performance. However while Apple provides software support for five or six years, some Android brands only offer these vital updates for two or three years.

Recently out-of-support devices might not immediately have problems, but without security updates, the risk to the user of being hacked increases dramatically. However, this is relatively unknown among phone users.

The Which? research found that only a handful (7%) of those surveyed reported a lack of ongoing support as the reason they had replaced their phone.

Brands abandoning handsets by not providing security updates beyond two or three years means phones that could otherwise be in good working order can not be used or resold without putting their owners at risk. This potentially adds to the UK’s growing electronic waste problem when they end up discarded in landfill sites.

Brands should also be more transparent with consumers about their update policies and practices, and communicate clearly when a device will no longer be supported.

Which? is concerned that the current state of play means many consumers have no idea that they could be putting themselves at risk if they use their phone, or buy a refurbished second-hand phone, beyond this period of support.

These latest findings further highlight the importance and urgency of new laws proposed by the Department for Digital, Culture, Media and Sport (DCMS) requiring smart devices sold in the UK to adhere to basic security requirements.

The consumer champion is calling for the government to push ahead with this planned legislation, which will also require manufacturers to be more open about how long security support will last. This should be backed up by strong enforcement measures for companies that let down their customers by failing to live up to their commitments.

Kate Bevan, Which? Computing editor, said:

“Expensive hardware should be built to last and while our research shows that mobile phones have the potential to last longer, millions of users continue to be at risk of serious consequences without manufacturers doing the right thing when it comes to security support.

“Which? is calling for manufacturers to be clear about what customers can expect when it comes to the lifespan of their products. The government’s security legislation and mandated transparency will go some way to tackle digital obsolescence but more needs to be done. ”

Notes to editors:

• Survey of 15,283 Which? Connect panel members who were asked about tech product experience including mobile phones – carried out in July 2020

• ‘Estimated lifetime’ is based on the age of respondents’ current working mobile phones and how long they kept their previous one for. The estimate factors in current age and the previous age of the product when it was replaced. Estimated lifetime just includes phones that were replaced because they were faulty, performance dropped and other related problems, and does not include mobiles replaced because the respondent simply wanted a new one.

• Stats on how long people kept their handset is based on estimated lifetime.

Other useful Which? research:

• Downwardly mobile – Pre-owned devices good for the planet but vulnerable to being hacked:

https://press.which.co.uk/whichpressreleases/downwardly-mobile-pre-owned-devices-good-for-the-planet-but-vulnerable-to-being-hacked/

• Void Android: More than one billion Android devices at risk of hacking attacks https://press.which.co.uk/whichpressreleases/void-android-more-than-one-billion-android-devices-at-risk-of-hacking-attacks/

Press Release: Apple, cyber security, DCMS, google, Huawei, Kate Bevan, manufacturer, Mobile, mobile handset, Obsolescence, Samsung, Secure by design, updates