Security updates are your most crucial line of defence to guard a mobile phone or any other connected device against malware and hackers. But while 77% of smartphone owners we surveyed* are aware of these patches, many misunderstand how they actually work.
Brands don’t always make it easy for you, but it’s crucial to understand exactly what you’re getting when it comes to your smartphone’s security.
Think of everything your phone knows about you. It could be your banking details, your emails or your every move tracked on your calendar – all information you wouldn’t want falling into the wrong hands.
This is a rare worst-case scenario of using an out-of-support phone, but the risks do increase the longer you wait to upgrade. Read on for the facts you need to know about mobile security, and advice on how to choose a secure, long-lasting phone.
1. Security support doesn’t begin when you buy a handset
Almost half our survey respondents thought that a phone’s support begins from the day of purchase. In fact, security support begins from its launch date and it counts down from there.
This makes buying a new phone tricky if you want a handset you can keep for several years. It can be tempting to wait for a few months after a phone launches to get a more purse-friendly price, but bear in mind that you could end up with a phone that’s secure to use for just a few months.
You can check how long a smartphone could be supported for before you buy it by using our mobile support calculator.
2. Manufacturers differ in how long they provide updates for
Nearly half of our respondents knew that this was the case, but the lack of clarity from brands is causing confusion. In our survey, Android owners, on average, believed their phone would receive updates for two years. Apple iPhone owners were more optimistic, but still some way off, with three years. As you can see below, iPhones are far better than that and Android is a mixed bag.
The smartphone brand you choose is the biggest deciding factor in how long you will be able to use your phone securely. Support ranges from two years to more than five:
- 2 years: Honor, Huawei, Motorola, Realme, Xiaomi
- 3 years: Google, Nokia (most)
- 4 years: OnePlus (some), Samsung (most)
- 5 years: Apple, Fairphone
3. More expensive phones tend to have longer support periods
Nearly a quarter of people in our survey didn’t believe that pricier phones get special treatment when it comes to updates. In most cases, though, they do.
Currently, your best option for choosing a long-lasting phone is to go for a premium brand. The best supported models are Apple’s often expensive iPhones, followed by expensive Samsung Galaxy and OnePlus flagships, which are creeping up in price with every new launch.
There are also discrepancies between how manufacturers treat their high-end and budget models. Nokia, OnePlus and Oppo all take an elitist approach when it comes to their updates, reserving the longest support for their most expensive handsets.
The only exception on Android is Samsung. If you buy a Galaxy phone launched from 2019, chances are it will have an impressive four years of security support. Even some super-cheap models, such as the sub-£150 Samsung Galaxy A02s, benefit from the maximum length of updates.
4. Smartphone brands don’t legally have to provide updates for a set minimum period
Only one in 10 smartphone owners knew that manufacturers aren’t legally obliged to provide security updates for a set period, or weren’t sure either way.
Although the industry-standard minimum is two years, this isn’t set in stone. A lack of regulation in the industry means that brands can withdraw support whenever they choose, potentially leaving their customers high and dry and needing to upgrade before they want to.
The government is due to bring in new cybersecurity laws this year, including new legislation around security updates. They won’t force brands to provide support for a set time, but they will need to be transparent with consumers, so you will at least know for sure when support is due to end when you sign on the dotted line for your new smartphone.
5. Security updates aren’t guaranteed for the length of your contract
Four in 10 respondents told us they believe that a phone will receive security updates throughout the period of their contract.
It’s far from an unreasonable expectation, although it’s sadly unrealistic. A Which? investigation revealed that, on average, 48% of mobile phone contracts could leave consumers with an insecure device before they’ve even finished paying it off.
With so many brands offering just two years of support from launch, it’s not unlikely that you could run out of updates before a standard 24-month contract comes to an end.
6. Retailers are allowed to sell out-of-support smartphones
Two thirds of respondents were unsure whether retailers are allowed to sell you an out-of-support smartphone. Unfortunately, since there’s very little regulation in the industry, you could potentially end up buying an insecure device.
It’s not all bad news, though. It’s likely that by the time a phone is out of support, brands will have discontinued it in favour of their shiny new models. There’s nothing to stop retailers from flogging old stock, but it’s more likely to be an issue if you’re shopping in the second-hand market than buying new.
7. You won’t be notified when your update period ends
A third of people in our survey think that they would be notified when their phone stops receiving updates. However, your notifications are most likely going to dry up when your support does, with no warning on your handset that it’s fallen off the manufacturer’s update cycle.
Make sure to check all our mobile phone reviews to see which devices we flag as out of support.
Smartphone security: how Which? can help
If you, like the nearly seven in 10 of the people we surveyed, are concerned about security updates, then Which? expert advice can help you to make the right choice.
Security updates tool
Our mobile support calculator allows you to type in your make and model and find out whether it’s still being supported, and how much longer we believe it will be updated for.
Head to the tech specs section in our mobile phone reviews to see how long the brand usually updates its phones for and the estimated remaining support for that particular handset.
Security notice on out-of-support handsets
Our security notice lets you know when a phone falls off the update cycle, so you can avoid buying it or stop using it.
Which? calls for industry-level change
We believe that smartphone brands could and should do more to keep their customers’ information secure and allow them to keep their handsets for longer. We would like to see:
- At least five years of software and security updates across all devices from point of release, regardless of popularity or cost
- In-device notifications about when update support will cease, so that consumers can make more informed decisions about next steps
- More regular update support from when manufacturers are first made aware of patches, particularly for those using the Android operating system
- Greater clarity about actual updates policies at time of purchase and on a publicly available website, so consumers are fully informed about update provision before they buy.
*Yonder, on behalf of Which?, surveyed 2,084 UK adults online between 11 and 13 June 2021. Data was weighted to be representative of the UK population by age, gender, region, social grade, tenure and work status. Of the full sample, 1,985 people owned a smartphone and answered the survey questions.