By clicking a retailer link you consent to third-party cookies that track your onward journey. This enables W? to receive an affiliate commission if you make a purchase, which supports our mission to be the UK's consumer champion.

Which? Security Notice will warn about at-risk smart devices

Mobile phones, tablets and other smart devices that no longer receive updates, or products with security flaws, will be clearly signposted to consumers.
Alice Williams

Smart technology is helping us to unlock more conveniences than ever in our homes and on our phones, but the more connected devices we surround ourselves with, the more appealing we are to hackers.

Too many brands have been slow to adopt robust security standards and don't support devices for long enough with important updates - so how do you know who to put your trust in before you buy?

Which? can help. We run robust security tests on more than 30 product categories, and our Security Notice for members and non-members will clearly flag any issues in our reviews.

See the best wireless security cameras, smart video doorbells and best wi-fi routers that passed our tough security tests with flying colours.

Smart devices that pose a security risk

With the amount of data your phone holds, it's an absolute goldmine for hackers. That's why manufacturers send out regular updates, which patch up small holes that appear in the software over time. This keeps your information secure.

These updates are important. In fact, 88% of Which? members responding to our survey told us that they would be concerned if their phone was no longer receiving them*. But software support doesn't last forever, with many brands only promising patches for two years after the phone's launch.

Once a smart device, like a smartphone or tablet, has dropped off the update cycle, we issue a security notice - look out for this on our reviews. You'll also be able to read more information about the problem and how to mitigate the risks if you own the device.

We also review our Best Buys every month and remove our recommendation from any that we suspect have less than a year of support remaining.

Read about the smartphone brands with the best security support and refurbished mobile phones to avoid.

How to find out how long a mobile phone or tablet will be supported

Manufacturers aren't always forthcoming about when their update periods will end, which isn't helpful if you're shopping around.

79% of Which? members we asked see the length of update cycles as important to their purchase*. If you're one of them, we can help. Head to the tech specs of any of our mobile phone reviews to check a handset; we clearly label how long we estimate it may have left based on the brand's minimum support periods and also give any device-specific information.

Use our phone support tool to browse over 500 models for their update status, and our tablet support tool to check for similar issues here.

Your phone or tablet is very unlikely to pose a problem the day after its last patch. The longer it goes without an update, though, the more at risk it is, so we recommend upgrading when you can.

wireless security camera

Security warnings for at-risk smart devices

Security and updates aren't just important for smartphones and tablets. In fact, nearly every device we buy now can potentially be smart, from coffee machines to cameras to cars.

We run rigorous tests on more than 30 different types of smart products for how they protect your privacy and security. Worryingly, we often find flaws - from minor housekeeping issues to critical risks.

When we find an issue that poses a significant risk to you, we will take action and place a security notice on the review. This warns of the issue we have found and tells you what to do.

It might be that we are working with the manufacturer to fix the issue, and that is pending, as with the two products below.

Or, it might be that the manufacturer does not intend to fix the issue, despite exhaustive contact from us, and so we have no choice but to warn you not to buy the device. Either way, we will make sure you get the most secure devices for your budget.

TP-Link Tapo C310

We run all wireless security cameras, such as this TP-Link model, through a barrage of tests to see how well they protect your online privacy and security, and how easily they could be hacked.

During testing we found that this camera had a vulnerability that was reasonably low risk but still concerning. So, we contacted TP-Link and asked it to fix the issue.

Find out more in our TP-link Tapo C310 review

TP-Link Archer AX50

Our extensive test programme uncovered a cause for concern with this third-party router, also from TP-Link.

We contacted the company about our findings and it issued a fix. Read more in our TP-Link Archer AX50 review.

How to shop smart for smart devices

While there's work to be done to improve standards across the board for smart devices, that doesn't mean you should avoid them altogether. Consider the following steps to help minimise any risk.

  • Pick a good brand. While well-known brands aren't immune to poor security practices, we tend to find the most security issues on cheaper devices from online marketplaces.
  • Add extra security.As a minimum, pick a strong, hard-to-guess password, and add two-factor authentication (logging in with a second device) if it's available.
  • Keep devices updated.Download any security patches as soon as they're available, and try to set them to update automatically.
  • Know your rights.The Consumer Rights Act states that goods must be 'of satisfactory quality, fit for purpose and as described', including digital elements. If you have any security flaws, you should consider making a claim.

Which? calls for more transparency around security updates

This year, the government's Product Security and Telecoms Infrastructure Bill will, for the first time, set legal requirements for connected products. Default passwords (easy pickings for hackers) will be banned, vulnerability disclosures will be encouraged and manufacturers would be compelled to tell you how long your product will be supported for when you buy it.

When it comes to mobile phones, we're calling on manufacturers to go further. At a minimum, we want them to provide:

  • at least five years of software and security updates across all their devices from point of release, regardless of popularity or cost
  • in-device notifications about when update support will cease, so that consumers can make more informed decisions about next steps
  • more regular update support from when manufacturers are first made aware of patches, particularly for those using the Android operating system
  • greater clarity about actual updates policies at time of purchase, and on a publicly available website, so consumers are fully informed about update provision before they buy.

*Based on a May 2021 survey of 1,246 Which? members.

More on this

Related articles