Security updates are your most crucial line of defence to guard a mobile phone or any other connected device against malware and hackers. But while 77% of smartphone owners we surveyed* are aware of these patches, many misunderstand how they actually work.
Brands don't always make it easy for you, but it's crucial to understand exactly what you're getting when it comes to your smartphone's security.
Think of everything your phone knows about you. It could be your banking details, your emails or your every move tracked on your calendar - all information you wouldn't want falling into the wrong hands.
This is a rare worst-case scenario of using an out-of-support phone, but the risks do increase the longer you wait to upgrade. Read on for the facts you need to know about mobile security, and advice on how to choose a secure, long-lasting phone.
Almost half our survey respondents thought that a phone's support begins from the day of purchase. In fact, security support begins from its launch date and it counts down from there.
This makes buying a new phone tricky if you want a handset you can keep for several years. It can be tempting to wait for a few months after a phone launches to get a more purse-friendly price, but bear in mind that you could end up with a phone that's secure to use for just a few months.
Nearly half of our respondents knew that this was the case, but the lack of clarity from brands is causing confusion. In our survey, Android owners, on average, believed their phone would receive updates for two years. Apple iPhone owners were more optimistic, but still some way off, with three years. As you can see below, iPhones are far better than that and Android is a mixed bag.
The smartphone brand you choose is the biggest deciding factor in how long you will be able to use your phone securely. Support ranges from two years to more than five:
Nearly a quarter of people in our survey didn't believe that pricier phones get special treatment when it comes to updates. In most cases, though, they do.
Currently, your best option for choosing a long-lasting phone is to go for a premium brand. The best-supported models are Apple's often expensive iPhones, followed by expensive Samsung Galaxy and OnePlus flagships, which are creeping up in price with every new launch.
There are also discrepancies between how manufacturers treat their high-end and budget models. Nokia, OnePlus and Oppo all take an elitist approach when it comes to their updates, reserving the longest support for their most expensive handsets.
The only exception on Android is Samsung. If you buy a Galaxy phone launched from 2019, chances are it will have an impressive four years of security support. Even some super-cheap models, such as the sub-£150 , benefit from the maximum length of updates.
Only one in 10 smartphone owners knew that manufacturers aren't legally obliged to provide security updates for a set period, or weren't sure either way.
Although the industry-standard minimum is two years, this isn't set in stone. A lack of regulation in the industry means that brands can withdraw support whenever they choose, potentially leaving their customers high and dry and needing to upgrade before they want to.
The government is due to bring in new cybersecurity laws this year, including new legislation around security updates. The laws won't force brands to provide support for a set time, but brands will need to be transparent with consumers, so you will at least know for sure when support is due to end when you sign on the dotted line for your new smartphone.
Four in 10 respondents told us they believe that a phone will receive security updates throughout the period of their contract.
With so many brands offering just two years of support from launch, it's not unlikely that you could run out of updates before a standard 24-month contract comes to an end.
Two thirds of respondents were unsure whether retailers are allowed to sell you an out-of-support smartphone. Unfortunately, since there's very little regulation in the industry, you could potentially end up buying an insecure device.
It's not all bad news, though. It's likely that by the time a phone is out of support, brands will have discontinued it in favour of their shiny new models. There's nothing to stop retailers from flogging old stock, but it's more likely to be an issue if you're shopping in the second-hand market than buying new.
A third of people in our survey think that they would be notified when their phone stops receiving updates. However, your notifications are most likely going to dry up when your support does, with no warning on your handset that it's fallen off the manufacturer's update cycle.
If you, like nearly seven in 10 of the people we surveyed, are concerned about security updates, then Which? expert advice can help you to make the right choice.
Head to the tech specs section in our mobile phone reviews to see how long the brand usually updates its phones for and the estimated remaining support for that particular handset.
Our security notice lets you know when a phone falls off the update cycle, so you can avoid buying it or stop using it.
We believe that smartphone brands could and should do more to keep their customers' information secure and allow them to keep their handsets for longer. We would like to see:
*Yonder, on behalf of Which?, surveyed 2,084 UK adults online between 11 and 13 June 2021. Data was weighted to be representative of the UK population by age, gender, region, social grade, tenure and work status. Of the full sample, 1,985 people owned a smartphone and answered the survey questions.