We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies. You can understand more and change your cookies preferences here.


When you click on a retailer link on our site, we may earn affiliate commission to help fund our not-for-profit mission.Find out more.

16 Dec 2020

Mobile phone brands putting customers at risk with inadequate update support

Your phone's software probably won't last nearly as long as the handset, leaving it vulnerable to security threats.
Woman using a smartphone

Mobile phone users could unwittingly be putting themselves at risk, as Which? research reveals the shortfall in update support compared to how long devices could last before they need replacing.

In a online survey of more than 15,000 adults*, we calculated the 'estimated lifetime' of popular tech and found huge gaps between the length of time people are holding on to their phones and the duration of security updates provided by manufacturers.

The research shows a third of Which? members kept their last phone for more than four years, but with some brands only offering crucial security updates for a little over two years, many could be unwittingly putting themselves at risk.

Read on to see which brands update their handsets for the longest time and what you should do if your phone is no longer supported.

Our mobile phone reviews clearly flag models we suspect are no longer being supported.

The problem with unsupported phones

Discarded mobile phones

Security patches are important updates that help ensure your phone is safe to use. Without them, there's an increased risk of malware, hacking and theft of personal data.

Exclusive Which? research found that smartphones from brands like Apple, Samsung and Huawei were capable of lasting six years or more before they needed replacing due to faults or issues with performance.

However, in many cases software update cycles fall far short of this - some brands only guarantee security updates for two years, which means a phone that's otherwise in good working order poses an increased risk of being hacked.

How long will my mobile phone be supported?

As there is currently no regulation on how long phones have to be supported for, or how transparent brands need to be, it can be hard to say how long your new phone will remain secure to use. However, some brands are better than others.

Apple tends to lead the pack for update cycles. Its phones are typically supported for five to six years, so, currently, anyone on an iPhone 6s or later will still have access to updates.

For other brands, two to three years is more typical. Google, OnePlus and Nokia all guarantee security updates for a minimum of three years.

However, brands don't always treat all their phones equally for keeping older handsets secure. The Samsung Galaxy S8, which launched in March 2017, is still receiving updates, but the brand hasn't always kept its cheaper models going for as long.

Phones planned to be updated can also fall off the update plan without warning, as with the Xiaomi Redmi 6A. It was launched in November 2018 and only received one MIUI update (the brand's customised version of Android) before being dropped from the list.

Which? is committed to helping consumers keep their data safe. In our reviews, we clearly flag phones, like the Huawei P30 Lite and Sony Xperia L1, if we suspect they are no longer receiving security updates from the manufacturer.

What to do if you're using an out-of-support phone

Phone downloading a software update

If your phone says there's a new update to install, make sure you download it. You should always stay on top of phone updates, moving to the latest OS (currently iOS 14 for Apple and Android 11) when it is released.

An out-of-support phone may not cause you issues right away, but you should starting looking to upgrade your handset. The older the phone, the higher the risk - so consider the typical five-year to six-year cycle for iPhones, and two to three-year cycle for Android handsets, and remember that this begins when the phone is released, not when you purchase it. If you suspect you're using an insecure handset, there are steps you can help to reduce the risks until you can upgrade:

  • Only download apps from official app stores.You may be tempted to 'sideload' an app not available from Google Play or the Apple App store, but it comes with an extra risk, as these apps may not go through the usual security checks.
  • Don't download more than you need.Avoid 'clutter' - only download apps you really need, and try to stick to reputable app developers. Check how long an app has been around for, and scrutinise reviews if you're not sure.
  • Use an antivirus app.This extra layer of defence is particularly important if your phone isn't receiving security updates. If you can't find an app to work with your OS, then it's definitely time to upgrade your phone.
  • Be alert to phishingattempts. Spam emails, texts and calls are finding more sophisticated ways to gain access to your data. Watch out for unexpected emails and texts that want you to download an attachment or click through to a website, and check for misspelt URLs and email addresses claiming to be legitimate companies.

Read our guide onmobile phone security for more detailed help and advice.

Which? calls for more transparency

Which? believes that brands should be more transparent with consumers about their update policies and practices, and communicate clearly when a device will no longer be supported.

Without this transparency, many consumers have no idea if using their phone or buying a second-hand or refurbished handset could be putting their data at risk.

The impact of this also has the potential to feed into the UK's huge e-waste problem. Phones from the most reliable brands can last six years on average, but if the software can't keep up it isn't viable to keep a phone for this long, or sell it on. By not extending their update cycles, smartphone brands are fuelling digital obsolescence and preventing the most sustainable solutions to a phone's end of life.

The Department for Digital, Culture, Media & Sport has proposed new laws for the security of smart devices. If passed, brands would be required to state at the point of sale how long you can expect your phone to receive security updates.

Which? is calling for the government to push ahead with this planned legislation, and back it up with strong enforcement measures for companies who don't follow through on their promised security support plans.

*Survey of 15,283 adults - members of the Which? Connect panel and members of the public - conducted in July 2020. 'Estimated lifetime' is based on the age of respondents' current working mobile phones and how long they kept their previous one for. The estimate factors in current age and the previous age of the product when it was replaced. Estimated lifetime just includes phones that were replaced because they were faulty, performance dropped and other related problems, and does not include mobiles replaced because the respondent simply wanted a new one.