27 October 2021

Mobile phone security: check how long a phone will stay secure

Use our security support tool to see if a phone you own or are looking to buy is still secure, and find out what to do if you're at risk.
Which? Team

Over time, Android and Apple's iOS have evolved to keep up with new security threats that put your personal information at risk. But if you're still using a smartphone that's been left behind by the manufacturer, you're a much easier target.

Without important security patches, hackers can exploit vulnerabilities in a phone's software – and the risks increase the longer it is out of the update cycle. As such it's important to not only find out if your current phone is still supported, but know how long you can expect a phone you're looking to buy to receive updates.

Some Android phones stop receiving security updates after just two years. Apple iPhones last longer, at five to six years, but after these timescales there's an increased risk to using the device.

Our phone support calculator below, and advice on smartphone best practice, can help.

You can also check the tech specs section in our mobile phone reviews to see security update information for every phone we test.

Which? phone support calculator

Use the search box below to find out if the phone you own is still supported, or how long you can expect support for a phone you're looking to buy.

These support periods are based on our own estimates and research into typical manufacturer and device-specific support. If you're using a phone that's no longer being updated, you should consider upgrading. Until you do, follow the advice below to help mitigate the risks.

Video: is your phone at risk?

Find out more about mobile phones and the importance of security updates.

Which brands support their smartphones for longest?

Currently there are no laws on how long brands have to support their phones for, or how much they have to tell you at the point of sale. This makes it tricky to know exactly what you're buying into when you choose a new phone.

However, through research on the information brands do share, and the length of updates for their older handsets, we're able to assess brands on how long their typical update cycles are and how transparent they are with their customers.

Apple iPhone support durations

  • Typical support duration: 5-6 years
  • Clearly labels unsupported phones? No
  • Popular handsets that are no longer supported: iPhone 6 and below

Apple consistently leads the line when it comes to software support – the closed ecosystem of Apple products means it is able to retain greater control over devices like iPhones. Although its official update policy is five years, in practice it's often beaten this. The Apple iPhone 6s, launched in 2015, is still on the latest iOS version.

Read our Apple iPhone reviews to find your perfect model.

Samsung mobile phone support durations

  • Typical support duration: 2-4 years
  • Clearly labels unsupported phones? No
  • Popular handsets that are no longer supported: Samsung Galaxy S8 and earlier, Samsung Galaxy A6

Samsung has announced that Galaxy handsets released from 2019 will receive four years' worth of support, putting it in the lead for brands on Android. However, not all its phones are included, and some cheaper models, like the Galaxy A6, have been known to only have two years' worth of support before dropping off the update cycle.

Samsung has a wide range of models across all budgets – our Samsung mobile phone reviews will help you pick one that lasts.

Google mobile phone support durations

  • Typical support duration: 3 years
  • Clearly labels unsupported phones? Yes
  • Popular handsets that are no longer supported: Google Pixel 2, Google Pixel XL

Google doesn't quite beat Samsung for length of update cycle, but it does at least have a consistent, transparent policy that lets consumers know exactly how long their Pixel phone will be supported.

Read our Google Pixel phone reviews to see how long you'll get support for on key models.

OnePlus mobile phone support durations

  • Typical support duration: 2-3 years
  • Clearly labels unsupported phones? Yes
  • Popular handsets that are no longer supported: OnePlus 3, OnePlus 3T

OnePlus' official update policy is three years, and in practice it's been known to beat this (the OnePlus 5, launched in June 2017, received an update in December 2020). However, two of its cheaper phones launched in 2020, the OnePlus Nord N10 5G and the OnePlus N100, have only been guaranteed two years' worth of updates. Unfortunately, it's an example of how brands can change their support policies when they choose.

Our reviews of OnePlus phones will help you pick a top performer that goes the distance.

Motorola mobile phone support durations

  • Typical support duration: 2-3 years
  • Clearly labels unsupported phones? Yes
  • Popular handsets that are no longer supported: Motorola Moto G6, Motorola Moto E5

Motorola clearly shows when each of its phones will run out of support, making it one of the few brands to make this crucial information accessible to its customers. Two years of updates from launch doesn't give you a lot of use out of your phone though, particularly if you want to get it on a two-year contract. A selection of its handsets, like the Motorola One Action, are part of the Android One programme, and will be supported for three years.

Find out which of Motorola's budget-friendly phones impressed with our Motorola phone reviews.

Xiaomi mobile phone support durations

  • Typical support duration: 2-3 years
  • Clearly labels unsupported phones? No
  • Popular handsets that are no longer supported: Xiaomi Redmi 6A, Xiaomi Mi 8

It's not hard to see why Xiaomi phones are popular, with their impressive specs and features, and some of the cheapest 5G handsets you can buy. However, it's probably not a brand to invest in if you want a phone that will last. It's hard to clearly see which phones aren't supported, the typical update cycle is only two years, and ‘the initial two year timeframe is subject to change depending on the regions and models’.

See our Xiaomi mobile phone reviews to find out if any can rival pricier rivals.

What to do if your mobile phone is no longer supported

If your phone loses support updates, you may not be in any immediate danger, but should consider buying a new one when you can. Check our mobile phone reviews, where we've found Best Buy models that cost a little over £200.

Which? reviews clearly indicate if a phone is no longer receiving security updates. We also include information on estimated remaining support periods, and typical update policies in the tech specs section of each review.

In the meantime, watch the video above for some tips, and follow the advice below to help mitigate the risks.

Avoid apps from unofficial app stores

Google and Apple test every app before it's allowed into the Play Store or App store. However, you might be tempted to install apps from outside these stores from time to time, using a process called 'sideloading' – allowing apps Google hasn't verified to be installed onto your phone.

While there's less risk of doing this with apps produced by established developers, the problem with many other unverified apps is that it's often difficult to tell how legitimate they are, or if they could be hiding malware designed to compromise your device. 

There's another notable risk of downloading from unofficial stores – lookalike apps. These are created to look exactly like a legitimate app, but are actually copycats that could contain malware or bombard you with advertising. 

Quite simply, avoid installing apps that aren't on official stores – which shouldn't be too difficult given the wide selection available.

Be selective with apps you download

There's a seemingly endless array of apps available to download and use, but while it is advisable to stick to the official app store, it's not a magic bullet.

Apps that contain malware do occasionally make their way onto official stores and are usually detected and removed by Apple or Google, but that's not much comfort to those who have already downloaded them.

There's no hard and fast rule on apps to avoid, but they often take the form of accessories or customisation tools – think free wallpapers, video or photo editors, file managers, games and tools like a QR reader or flashlight.

If you're looking for an app like this, try and stick to those with plenty of reviews, that have been around for a while, and are from a reputable developer. All of this information should be available in the detailed app information on the store.

You should also try to avoid hoarding apps – if you're not using one, delete it.

Manage your app permissions

App permissions control what parts of your phone an app is allowed to access – such as using your location to pinpoint your position on a map. Some apps have been known to ask for a few too many privileges, however.

One common way that illegitimate apps could create havoc on a mobile phone is through abusing these permissions. For example, a form of malware called Joker or 'Bread' was found on seemingly innocent apps relating to, among other things, photo enhancement or wallpapers for your phone. The app would ask for potentially dangerous permissions, such as access to your location, contacts, call logs or text messages. It could then subscribe to a premium service and automatically confirm payments by intercepting an SMS message, adding recurring charges to a user's phone bill.

In this example, a user may well have questioned why an app that's simply offering a range of new wallpapers or screensavers for a phone would need access to their contacts or text messages. If you download an app that's requesting seemingly unrelated information, that's a red flag. A basic calculator app shouldn't be asking for permission to read your storage card or your microphone, for example. Tread carefully – a malicious app could use the permissions you've given it to change your lock screen password and demand a fee to unlock it again.

Fortunately, improvements to Android and iOS have meant that you're given far more intuitive control of app permissions – such as allowing location services to only be used when the app is open. Permissions can also be automatically disabled if you haven't used apps in a long time.

But the fact that these are only available on newer operating systems only underlines the importance of ensuring your phone is still getting regular updates.

Know how to recognise phishing attacks

Phishing is the act of pretending to be a legitimate company to elicit valuable information, and it has now evolved to target smartphone users with increasingly clever tactics.

Smishing (phishing via text) and vishing (voice phishing that happens over the phone) have become popular ways to target mobile phone users. A victim of smishing may receive a text message that appears to be from their bank, prompting them to call a number and hand over their secure account information to address an issue with their account.

In our tests, we found vulnerabilities in the media libraries of older Android devices (specifically those running Android 5.1 and under) that could be exploited by phishing attacks. These attacks send media files to victims through MMS, or links in texts to malicious websites, to gain access to the device.

Crucially, it's important to know how to detect and avoid a phishing attempt whichever form it takes. This is a common way in which malicious third parties can prey on individuals, and often no degree of security software or updates can help.

Fortunately it's quite easy to spot the warning signs with a bit of practice:

  • Mis-spelt URLs – check links by hovering over them, but don't click them. Look carefully, as they can often look quite legitimate, eg www.AM4ZON.com.
  • Sender email addresses. Even though the sender might appear as 'Facebook' or 'Paypal', look carefully at the actual email address. If it doesn't appear legitimate, be wary.
  • Be mindful of telltale signs in dodgy emails, such as poor grammar, logos that don't look quite right and vague titles like 'Dear customer'.
  • If you're concerned and want to double-check, log into the website in question through the company's official web address, or call them to confirm the issue.

Some vulnerabilities can be due to weaknesses in an operating system, and Google does address issues with Android upgrades and security patches. However, phishing attacks have become so sophisticated that learning how to detect and avoid an attempt yourself remains the best defence.

Consider antivirus apps

Even though Google Play Protect acts as protection against malware, you should still consider installing third-party security software, especially if your phone is no longer receiving security updates.

In the same way that antivirus software works for your computer, antivirus apps for your mobile phone are a cheap, and sometimes free, way to protect your phone. They can help to keep your personal data safe by scanning for malware and alerting you to any problems, including if you are visiting unsafe websites or if you download malicious apps.

By ensuring that you are diligently installing security updates and using antivirus software, you're increasing your protection against any potential threats.

It's important to note that if you're using Android version 4.1 or below, you will have trouble finding security apps that are compatible with your mobile phone. In this case, as these phones will no longer be receiving security updates either, you should seriously consider upgrading.

Read more about antivirus software and why it's important in our guide to the Best mobile antivirus software.

How to check your phone operating system version

How to check OS version on Android

As stated, the risk of using an older device generally increases the older it is. Mobile phones running a version of Android 4 and earlier (typically this will include models released around 2012) are at greater risk.

It's fairly easy to check which version of Android you're using, although it does vary by device.

  • Open the main 'Settings' menu on the phone.
  • Look for an entry that reads 'About phone' or similar, typically near the bottom of the menu.
  • You should see an entry that reads 'Android version', followed by a number. If you're a Samsung user, click 'Software information' to see this entry.

Alternatively, you could search for 'Android' or 'Android version' in the search bar of the Settings menu.

The most recent version is Android 12. If you're not running this version you're not necessarily at risk, but the older the version, the greater the need to consider upgrading your phone. And of course, the more important to follow the advice in this guide.

How to check OS version on iOS

  • Open the Settings menu.
  • Choose 'General'.
  • Tap 'About', where you can see the iOS version.
  • Alternatively, choose 'Software update' to see the iOS version, and also check to see whether any updates are available.

The most recent version of iOS is version 15. However, earlier versions may still be refreshed with security updates to help support older phones. If your iPhone is running iOS 11 or earlier, you should consider upgrading the device.

Are iPhones safer than Android phones?

Unlike Android, which is used by a number of manufacturers, iOS is a closed operating system. Apple doesn't share its source code with app developers or users of its products, so there's a lower chance of attackers finding vulnerabilities in its system. For that reason, many believe that iOS is a safer operating system.

Regardless, there's no way to be completely safe, even if you do own an Apple phone – so you should similarly consider the risks of using devices that are no longer supported. 

Which Apple smartphones are a security risk?

The iPhone 6 and earlier are no longer receiving security updates. The iPhone 6 was released in September 2014, so if you're using any of the smartphones below or ones released earlier, you should look to invest in a new model.

  • Apple iPhone 6 and 6 Plus (September 2014)
  • Apple iPhone 5C and 5S (September 2013)
  • Apple iPhone 5 (September 2012)
  • Apple iPhone 4S (October 2011)
  • Apple iPhone 4 (September 2010)

Which? calls for more transparency around security updates

The Department for Digital, Culture, Media & Sport has proposed new laws for the security of smart devices. If passed, brands would be required to state at the point of sale how long you can expect your phone to receive security updates. 

Which? is calling for the government to push ahead with this planned legislation, and back it up with strong enforcement. But while these measures will bring some level of transparency for consumers, we think manufacturers could do more to lengthen the security lifespans of devices and help to protect the environment from unnecessary e-waste. 

At a minimum, we want manufacturers to provide:

  • At least five years of software and security updates across all their devices from point of release, regardless of popularity or cost.
  • In-device notifications about when update support will cease, so that consumers can make more informed decisions about next steps.
  • More regular update support from when manufacturers are first made aware of patches, particularly for those using the Android operating system. 
  • Greater clarity about actual update policies at time of purchase, and on a publicly available website, so consumers are fully informed about update provision before they buy.

If manufacturers fail to provide adequate and transparent update support then the government will need to intervene in the interests of smartphone users.

If you're looking to upgrade a phone on a budget, read our guide to the best cheap mobile phones, or if you're willing to spend a little more, we also cover the best mid-range mobile phones.