iPhone 13 Pro Max
Over time, Android and Apple's iOS have evolved to keep up with new security threats that put your personal information at risk. But if you're still using a smartphone that's been left behind by the manufacturer, you're a much easier target.
Without important security patches, hackers can exploit vulnerabilities in a phone's software – and the risks increase the longer it is out of the update cycle. As such it's important to not only find out if your current phone is still supported, but know how long you can expect a phone you're looking to buy to receive updates.
Some Android phones stop receiving security updates after just two years. Apple iPhones last longer, at five to six, but after these timescales there's an increased risk to using the device.
Our phone support calculator below, and advice on smartphone best practice, can help.
Find out more about mobile phones and the importance of security updates.
Use the search box below to find out if the phone you own is still supported, or how long you can expect support for with a phone you're looking to buy.
If you're using a phone that's no longer being updated, you should consider upgrading. The good news is this needn't be expensive. Our tests include Best Buys for under £250, and solid alternatives for even less. Check the links below to help find your next mobile phone.
Until you are able to upgrade, follow the advice below to help mitigate the risks.
Google and Apple test every app before it's allowed into the Play Store or App store. However, you might be tempted to install apps from outside these stores from time to time, using a process called 'sideloading' – allowing apps Google hasn't verified to be installed onto your phone.
While there's less risk of doing this with apps produced by established developers, the problem with many other unverified apps is that it's often difficult to tell how legitimate they are, or if they could be hiding malware designed to compromise your device.
There's another notable risk of downloading from unofficial stores – lookalike apps. These are created to look exactly like a legitimate app, but are actually copycats that could contain malware or bombard you with advertising.
Quite simply, avoid installing apps that aren't on official stores – which shouldn't be too difficult given the wide selection available.
There's a seemingly endless array of apps available to download and use, but while it is advisable to stick to the official app store, it's not a magic bullet.
Apps that contain malware do occasionally make their way onto official stores and are usually detected and removed by Apple or Google, but that's not much comfort to those who have already downloaded them.
There's no hard and fast rule on apps to avoid, but they often take the form of accessories or customisation tools – think free wallpapers, video or photo editors, file managers, games and tools like a QR reader or flashlight.
If you're looking for an app like this, try and stick to those with plenty of reviews, that have been around for a while, and are from a reputable developer. All of this information should be available in the detailed app information on the store.
You should also try to avoid hoarding apps – if you're not using one, delete it.
App permissions control what parts of your phone an app is allowed to access – such as using your location to pinpoint your position on a map. Some apps have been known to ask for a few too many privileges, however. Select one of the options below to find out more about each permission.
One common way that illegitimate apps could create havoc on a mobile phone is through abusing these permissions. For example, a form of malware called Joker or 'Bread' was found on seemingly innocent apps relating to, among other things, photo enhancement or wallpapers for your phone. The app would ask for potentially dangerous permissions, such as access to your location, contacts, call logs or text messages. It could then subscribe to a premium service and automatically confirm payments by intercepting an SMS message, adding recurring charges to a user's phone bill.
In this example, a user may well have questioned why an app that's simply offering a range of new wallpapers or screensavers for a phone would need access to their contacts or text messages. If you download an app that's requesting seemingly unrelated information, that's a red flag. A basic calculator app shouldn't be asking for permission to read your storage card or your microphone, for example. Tread carefully – a malicious app could use the permissions you've given it to change your lock screen password and demand a fee to unlock it again.
Fortunately, improvements to Android and iOS have meant that you're given far more intuitive control of app permissions – such as allowing location services to only be used when the app is open. Permissions can also be automatically disabled if you haven't used apps in a long time.
But the fact that these are only available on newer operating systems only underlines the importance of ensuring your phone is still getting regular updates.
Phishing is the act of pretending to be a legitimate company to elicit valuable information, and it has now evolved to target smartphone users with increasingly clever tactics.
Smishing (phishing via text) and vishing (voice phishing that happens over the phone) have become popular ways to target mobile phone users. A victim of smishing may receive a text message that appears to be from their bank, prompting them to call a number and hand over their secure account information to address an issue with their account.
In our tests, we found vulnerabilities in the media libraries of older Android devices (specifically those running Android 5.1 and under) that could be exploited by phishing attacks. These attacks send media files to victims through MMS, or links in texts to malicious websites, to gain access to the device.
Crucially, it's important to know how to detect and avoid a phishing attempt – whichever form it takes. This is a common way in which malicious third parties can prey on individuals, and often no degree of security software or updates can help.
Fortunately it's quite easy to spot the warning signs with a bit of practice:
Some vulnerabilities can be due to weaknesses in an operating system, and Google does address issues with Android upgrades and security patches. However, phishing attacks have become so sophisticated that learning how to detect and avoid an attempt yourself remains the best defence.
Even though Google Play Protect acts as protection against malware, you should still consider installing third-party security software, especially if your phone is no longer receiving security updates.
In the same way that antivirus software works for your computer, antivirus apps for your mobile phone are a cheap, and sometimes free, way to protect your phone. It can help to keep your personal data safe by scanning for malware and alerting you of any problems, including if you are visiting unsafe websites or if you download malicious apps.
By ensuring that you are diligently installing security updates and using antivirus software, you're increasing your protection against any potential threats.
It's important to note that if you're using Android version 4.1 or below, you will have trouble finding security apps that are compatible with your mobile phone. In this case, as these phones will no longer be receiving security updates either, you should seriously consider upgrading.
As stated, the risk of using an older device generally increases the older it is. Mobile phones running a version of Android 6 and earlier.
It's fairly easy to check which version of Android you're using, although it does vary by device.
Alternatively, you could search for 'Android' or 'Android version' in the search bar of the Settings menu.
The most recent version is Android 12. If you're not running this version you're not necessarily at risk, but the older the version, the greater the need to consider upgrading your phone. And of course, the more important to follow the advice in this guide.
The most recent version of iOS is version 15. However, earlier versions may still be refreshed with security updates to help support older phones. If your iPhone is running iOS 11 or earlier, you should consider upgrading the device.
Unlike Android, which is used by a number of manufacturers, iOS is a closed operating system. Apple doesn't share its source code with app developers or users of its products, so there's a lower chance of attackers finding vulnerabilities in its system. For that reason, many believe that iOS is a safer operating system.
Regardless, there's no way to be completely safe, even if you do own an Apple phone – so you should similarly consider the risks of using devices that are no longer supported.
The iPhone 5 and earlier (excluding iPhone 5s) are no longer receiving security updates. If you're using any of the smartphones below or ones released earlier, you should look to invest in a new model.
Currently there are no laws on how long brands have to support their phones for, or how much they have to tell you at the point of sale. This makes it tricky to know exactly what you're buying into when you choose a new phone.
However, through research on the information brands do share, and the length of updates for their older handsets, we're able to assess brands on how long their typical update cycles are and how transparent they are with their customers.
Apple consistently leads the line when it comes to software support – the closed ecosystem of Apple products means it is able to retain greater control over devices like iPhones. Although its official update policy is five years, in practice it's often beaten this. The Apple iPhone 6s, launched in 2015, is still on the latest iOS version.
Samsung has announced that Galaxy S and Z handsets released from 2021 and upcoming A series phones from 2022 will now receive five years' worth of support, putting it in the lead for brands on Android. Most others will receive four years, however, some cheaper models, like the Galaxy A6, have been known to only have two years' worth of support before dropping off the update cycle.
Google doesn't quite beat Samsung for length of update cycle, but it is does at least have a consistent, transparent policy that lets consumers know exactly how long their Pixel phone will be supported. The Google Pixel 6 and Pixel 6 Pro are the only phones that currently receive five years of security support.
OnePlus' official update policy is three years, and in practice it's been known to beat this (the OnePlus 5, launched in June 2017, received an update in December 2020). However, two of its cheaper phones launched in 2020, the OnePlus Nord N10 5G and the OnePlus N100, have only been guaranteed two years' worth of updates. Unfortunately, it's an example of how brands can change their support policies when they choose.
Motorola clearly shows when each of its phones will run out of support, making it one of the few brands to make this crucial information accessible to its customers. Two years of updates from launch doesn't give you a lot of use out of your phone though, particularly if you want to get it on a two-year contract. A selection of its handsets, like the Motorola One Action, are part of the Android One programme, and will be supported for three years.
It's not hard to see why Xiaomi phones are popular, with their impressive specs and features, and some of the cheapest 5G handsets you can buy. However, unless you're happy to pay for the most expensive models with four years of updates, it's probably not a brand to invest in if you want a phone that will last. It's hard to clearly see which phones aren't supported, and ‘the initial two year timeframe is subject to change depending on the regions and models’.
The Department for Digital, Culture, Media & Sport has proposed new laws for the security of smart devices. If passed, brands would be required to state at the point of sale how long you can expect your phone to receive security updates.
Which? is calling for the government to push ahead with this planned legislation, and back it up with strong enforcement. But while these measures will bring some level of transparency for consumers, we think manufacturers could do more to lengthen the security lifespans of devices and help to protect the environment from unnecessary e-waste.
At a minimum, we want manufacturers to provide:
If manufacturers fail to provide adequate and transparent update support then the government will need to intervene in the interests of smartphone users.