Four in 10 people believe a mobile phone will receive crucial security updates for the length of their pay monthly contract*. But Which? research found that nearly half the smartphones available on contracts could lose support before you've finishing paying them off.
We looked at all the new phones available on contract from Carphone Warehouse, EE, Mobile Phones Direct 02, mobiles.co.uk, Three and Vodafone in mid-June 2021.
On average, 48% of these contracts were on phones that we suspect could be out of support before the end of the contract period, and 13% could lose update support less than a year in.
Find out if your phone is still protected, and what to do next.
When you buy a phone on a pay-monthly plan, there are no guarantees that its security support will last the length of your contract, or even past the first year.
This is especially the case on longer contracts. On O2, 73% of phones we looked at will lose support before the end of a 36 month contract period - the maximum duration of its O2 Refresh plan.
But even on more typical 24 month contracts, many phones were at risk. 52% of models available on contract at Carphone Warehouse could lose support before the contract ends. We also found 50% of models at mobiles.co.uk, 50% at Vodafone, 40% at Three and 33% at EE that could be similarly affected.
The risks of using a phone that has just fallen off the update cycle are small, but they increase the longer you wait. That's why we're concerned to see phones that will lose support less than a year into a contract on sale - 21% of phones for O2, 19% for mobiles.co.uk and 18 for Carphone Warehouse could lose support less than 12 months after your contract begins.
Popular models that could be affected include:
The wealth of data your phone holds makes it an enticing prospect for hackers. They can exploit the small holes that appear in the software over time, using them to plant malware on your device - so a phone that's still able to be patched to fix these issues is important.
Consumers agree. Seven in 10 (69%) said that they would be concerned if their phone was no longer receiving security updates.
You're unlikely to have your phone hacked as soon as it falls off the update cycle, but the risks increase the longer you leave it, so we recommend upgrading as soon as you can. Our has some tips to make your phone more secure to tide you buy a new handset.
As our research on contract providers shows, it's easy to pick a phone with a limited shelf life. However, Which? can help you to choose a longer-lasting handset.
Our calculator reveals how much longer we suspect a phone will have before it falls off the manufacturer's update list.
There is work to be done across the board to improve update support periods and transparency with mobile phones - but there are things you can do to help ensure you are not left out in the cold by the manufacturer.
EE disputed seven phones in our analysis and Three disputed eight, stating that manufacturers had confirmed support for the handsets, in contrary to our findings. Vodafone also believes that 'support generally extends beyond the timeframe' in our research.
Dixons Carphone (owner of Carphone Warehouse and mobiles.co.uk) said it would welcome clearer communications from manufacturers around mobile phone security that it could pass on to its customers.
Mobile Phones Direct stated its intention to work with brands to raise consumer awareness of the need to adopt the latest updates, and O2 told us that should manufacturers make one-off updates available outside of the set lifespan, they would work with them to help deliver these patches to their customers.
Samsung and Motorola both stated their commitment to customer satisfaction and security, but Oppo did not wish to comment.
Contract providers could do more to make consumers aware of security updates when they sign the paperwork, but the ultimate responsibility for this issue lies with the brands.
A lack of transparency in the industry makes it difficult to know exactly when a phone will fall off the update cycle. Short support periods are a big issue too -whilst some brands like Samsung and Apple offer more than four years of updates, some languish on just two years. That period begins from the phone's launch, not when you buy it, so if you choose a brand like Honor, Motorola, Realme or Xiaomi on a 24 month contract, you'll inevitably have some period of time out of support.
Which? is calling on smartphone brands to provide:
*according to a survey of 2,084 UK adults online in June 2021. Data was weighted to be representative of the UK population by age, gender, region, social grade, tenure and work status. Of this sample 1,985 people owned a smartphone and answered the survey questions.