Mobile phone users could unwittingly be putting themselves at risk, as Which? research reveals the shortfall in update support compared to how long devices could last before they need replacing.
In a online survey of more than 15,000 adults*, we calculated the 'estimated lifetime' of popular tech and found huge gaps between the length of time people are holding on to their phones and the duration of security updates provided by manufacturers.
The research shows a third of Which? members kept their last phone for more than four years, but with some brands only offering crucial security updates for a little over two years, many could be unwittingly putting themselves at risk.
Read on to see which brands update their handsets for the longest time and what you should do if your phone is no longer supported.
Security patches are important updates that help ensure your phone is safe to use. Without them, there's an increased risk of malware, hacking and theft of personal data.
Exclusive Which? research found that smartphones from brands like Apple, Samsung and Huawei were capable of lasting six years or more before they needed replacing due to faults or issues with performance.
However, in many cases software update cycles fall far short of this - some brands only guarantee security updates for two years, which means a phone that's otherwise in good working order poses an increased risk of being hacked.
As there is currently no regulation on how long phones have to be supported for, or how transparent brands need to be, it can be hard to say how long your new phone will remain secure to use. However, some brands are better than others.
Apple tends to lead the pack for update cycles. Its phones are typically supported for five to six years, so, currently, anyone on an iPhone 6s or later will still have access to updates.
For other brands, two to three years is more typical. Google, OnePlus and Nokia all guarantee security updates for a minimum of three years.
However, brands don't always treat all their phones equally for keeping older handsets secure. The, which launched in March 2017, is still receiving updates, but the brand hasn't always kept its cheaper models going for as long.
Phones planned to be updated can also fall off the update plan without warning, as with the Xiaomi Redmi 6A. It was launched in November 2018 and only received one MIUI update (the brand's customised version of Android) before being dropped from the list.
Which? is committed to helping consumers keep their data safe. In our reviews, we clearly flag phones, like the and Sony Xperia L1, if we suspect they are no longer receiving security updates from the manufacturer.
If your phone says there's a new update to install, make sure you download it. You should always stay on top of phone updates, moving to the latest OS (currently iOS 14 for Apple and Android 11) when it is released.
An out-of-support phone may not cause you issues right away, but you should starting looking to upgrade your handset. The older the phone, the higher the risk - so consider the typical five-year to six-year cycle for iPhones, and two to three-year cycle for Android handsets, and remember that this begins when the phone is released, not when you purchase it. If you suspect you're using an insecure handset, there are steps you can help to reduce the risks until you can upgrade:
Which? believes that brands should be more transparent with consumers about their update policies and practices, and communicate clearly when a device will no longer be supported.
Without this transparency, many consumers have no idea if using their phone or buying a second-hand or refurbished handset could be putting their data at risk.
The impact of this also has the potential to feed into the UK's huge e-waste problem. Phones from the most reliable brands can last six years on average, but if the software can't keep up it isn't viable to keep a phone for this long, or sell it on. By not extending their update cycles, smartphone brands are fuelling digital obsolescence and preventing the most sustainable solutions to a phone's end of life.
The Department for Digital, Culture, Media & Sport has proposed new laws for the security of smart devices. If passed, brands would be required to state at the point of sale how long you can expect your phone to receive security updates.
Which? is calling for the government to push ahead with this planned legislation, and back it up with strong enforcement measures for companies who don't follow through on their promised security support plans.
*Survey of 15,283 adults - members of the Which? Connect panel and members of the public - conducted in July 2020. 'Estimated lifetime' is based on the age of respondents' current working mobile phones and how long they kept their previous one for. The estimate factors in current age and the previous age of the product when it was replaced. Estimated lifetime just includes phones that were replaced because they were faulty, performance dropped and other related problems, and does not include mobiles replaced because the respondent simply wanted a new one.