/ Technology

Why we’re calling for longer support for mobile phones

It’s all very well equipping phones with longer-lasting hardware, but it’s self defeating if the software can’t keep up. Do you agree brands should be doing more?

“What do you mean, I need a new phone? I’ve only had this for four years – it works absolutely fine.”

I hate having this conversation with people, and yet I have it all too often. It’s true that a four-year-old phone does a perfectly fine job: it still makes calls, runs apps, takes photos, plays music, and it seems incredibly wasteful to stop using it and buy a new phone.

The problem is that Android phones in particular are typically only supported for two or three years, which might include two new versions of Android. Usually they get two new versions of Android, plus another year of security updates. Some cheaper phones don’t even get that much. And that’s three years (or two years) from the launch date: if you buy a phone that was launched 18 months ago you’re only going to get at best 18 months before you need to replace it.

Google, which makes the Android operating system, has said it’s trying to guarantee new phones will be compatible with Android updates for at least four years – but in practice this will be slow to roll out, assuming it ever does.

Secure By Design

So I was very glad to hear the news that mobile phones will come into the scope of the Secure By Design rules announced at the end of last month, which will at least make it clear when you’re buying a new phone (or other device) how long you can expect to get security updates for.

However, while that transparency is welcome, it doesn’t solve the problem of the short support life for Android phones and tablets. That’s why we’ve made two decisions here at Which?.

The first is that we are now calling for all phones and tablets to be supported for a minimum of five years. iPhones and iPads do generally get at least five years of support, and we’d like to see Android manufacturers raise their game on this too. 

Samsung recently picked up the baton and said it will support most of its Galaxy devices for a minimum of four years from first release. That means its devices launched since 2019 will still be getting updates next year, which is good news.

The other decision we’ve taken at Which? is that we will remove a Best Buy recommendation from any phone that has less than a year left before it stops getting updates, however brilliant it was when it was launched.

When will your phone stop getting updates?

If you’re thinking of buying a phone, one thing you can do is search the model number and its launch date. You should be able to find that quickly. And to help you choose when you’re looking for a new phone, we’ve built a tool that tells you how long a phone has before it’s out of support.

Try the Which? phone support calculator here

When I first looked at that tool, it was quite an eye-opener: the OnePlus Nord N100, for example, which was only released in October last year, has just 18 months left before it’s out of support. It’s priced around £130, but suddenly that seems rather less of a bargain.

What are the risks of an out-of-support phone?

You’re unlikely to be in any immediate danger, but the risk increases the longer a phone it goes without updates. Those updates patch new security holes in the operating system and apps, and the longer you leave it, the more likely you are to fall victim to malware sneaking on to your phone, which could in turn lead to data loss or identity theft. 

Additionally, the longer you use an old phone, the more you’ll find that apps will stop working. Android app developers have to work with a huge range of phones, and it’s unsurprising that they don’t want to carry on supporting apps for devices that are long past their use-by date.

I’m glad that things are starting to improve with Android devices: sometimes I feel as though my gravestone will say “Here lies Kate, who tried to get Android manufacturers to improve their support for their devices.” If we do get to a place where more devices last for longer, it will be better for our pockets, better for the planet and I’ll feel that it was a life well lived.

How long do you keep your phones, and are you concerned about how long they last for? Let us know in the comments.

Comments

Thanks for this Conversation Kate. The subject has been debated at length elsewhere but it is useful to have this focused discussion.

Not everyone will see the Which? recommendations so the information about the length of remaining support needs to be available at the point of sale. We can choose a washing machine or fridge on the basis of energy consumption if we wish but at present it’s not possible for consumers to find out which phones (and tablets, laptops, computers, gadgets) will be supported for longest.

With an increasing number of people using mobile banking and accessing other accounts online it is important that they are using phones with a supported operating system and hopefully additional security software.

All very valid Kate and totally wasteful of resources. One way round this is to make each Android update available so that older phones, with sufficient capacity, can simply swop the old version for the new one. What the makers seem to do is to add bits to the new phones to run the new systems and thus the chips in the older phones can’t process the new data in the next version. They might claim that this is because the newer phones work better with more pizzazz and temptation, but, as you say, they probably don’t do much more worthwhile and it is a ploy to make sure sales are kept buoyant.
My old ten year old phone was eventually kept together by sticky tape, but the new one is less convenient (in my podgy hands) and doesn’t do much more than the old one did even if it does it faster and a little better. Like the ink cartridge scandal, it is difficult to see how we can change the minds of these multi national companies that operate in billions of dollars as annual turn over. Obviously customers are falling for the hype and, with easy pay contracts (another scandal) more can afford to swop every year or so without thinking about it. Renew the contract for a few pounds more and there’s a new phone in the pocket.
So, who can change minds? Would a Which? publicity campaign do any good….well, would it really? Could governments slap a tax on new phones that are replacements for old ones in less than eighteen months and have new operating systems installed? Could a third party, or even the companies themselves offer an update service for older phones as an add on contract or one off fee? Could countries insist that new phones have interchangeable modules that update at a shop counter and insist that the old modules are recycled? If customers are lured into the new phone cycle, it needs “others” to change the pattern. The only “others” are the phone data access suppliers like Vodafone and O2 or governments of countries. Some may be more willing to legislate than others.

Kate said:
If you’re thinking of buying a phone, one thing you can do is search the model number and its launch date. You should be able to find that quickly.

I 100% agree Kate, so please can you get launch dates reinstated on Which? reviews. Out of the 10 Samsung phones on the much reduced results of just 10 items per page, 2 of the phones (S10s) will only get 3 years of updates ending in about 9 months time.

To find out that information on Which? you have to select the phone, a Samsung Galaxy S10 with BEST BUY status and a test score of 80%.
First screen – not a date in sight.
Second screen – Expert Review – we see the phone was reviewed Mar 2019 and called a real winner under ‘Should I buy it?’.
Third screen – Test Results – again see the phone was tested Mar 2019
Fourth screen – Tech Specs – Finally we find the phone was launched Feb 2019, so over 2 years old.

So we have 2 high-scoring phones with Best buy status one costing £795 that will be useless in less than a year appearing in the first 10 Samsung phones.

You should not have to go into every product and click 4 times plus much scrolling to find the launch date. I just do not understand the mentality of removing this very important information on a consumer site that should be making it easy for us to make sensible purchasing decisions.

You certainly cannot find the launch date quickly on Which?

Thanks Kate.

julian says:
5 May 2021

I agree. I purchased my Android mid-range phone in June 2018 (it was released in April) and it had its last security update in April 2020. I should have already replaced it to improve security and I will do so.
It does seem a waste of resources as it is still in good working order. The apps are still responsive enough, plenty of storage and battery is still good.
It seems if I want to get five years of updates it will need to get an iPhone. I might look into it.
I am prepared to pay more for less waste.

Apps from the Apple App Store are likely to be more secure than apps for Android devices, although Android offers a wider range.

I think the problem here is more to do with OS updates rather than the security of apps themselves.

For me, Apple phones are just sold at rip off prices.

Yes iPhones are expensive but the real rip off is phones supported for a couple of years, like the one bought by Julian.

I agree that mid range or high end Android phones are even more of a rip off. It always amazes me that a lot of people happily spend (waste?) so much money on smart phones. OK, it’s their choice, but I think I can find better ways of spending my money.

I got to handle a new model iPhone SE last weekend. It was overall a nice phone with one very disappointing feature. I was setting up wifi printing on it and found that its onboard wifi reception was very poor. Specifically, I had to move from the location of the wifi printer, two rooms away from the wifi source, into the room with the wifi source before I could get a reliable wifi connection on the phone. After that, it was easy to set up wifi printing (another great Apple feature) but having to then leave the phone and walk to the printer to clear a paper jam was annoying.

If we can get all phones supported by software updates for 5 years, then the next battle will be getting spare parts available for all repairers. Personally, I think the design of iPhones has gone backwards since the days of the 6 and 6s, as those phones were easy to dismantle and repair.

Yes we will need to fight for manufacturers to supply spares and make it easy to replace batteries. Louis Rossmann is on the case, at least with Apple products.

Perhaps the greatest challenge is to encourage people to keep phones longer. Many want to to replace their phone as soon as their contract ends. Nowadays there are good SIM-only deals that help remove the temptation.

Even 5 years is a short life for software support. On Sunday I was given a fully functional Windows Vista laptop. I was able to replace that unsupported OS with MX Linux, thus allowing the machine to continue in use. In this case, I think this PC is already 12 years old.

I hope that most people are aware that their web surfing can be tracked. This came as a surprise to me in 1995 when I set up a website for a society. The local town council had given us webspace and hoped that our activities would add interest and promote tourism. Shortly after our site was live I was sent logs showing a list of visitors. There were no names but their IP address, platform, operating system version and browser version. I was reminded of this recently when DerekP posted this link: https://brax.me/geo/ Click on Device Signature to find what information you pass on when surfing, unless you are using a VPN.

I wonder if this information could be used to automatically prevent access to online banking if users are putting themselves at risk by using obsolete software, for example if a phone or computer can no longer be updated. At the very least it could warn the user that they are taking a risk.

David says:
17 May 2021

VPNs are the way to go for security but there are many sites which refuse a connection, or make you jump through hoops, if using a VPN. Google being one of the worst offenders.

Em says:
19 May 2021

Consumer VPNs do not provide much in the way of security for personal users, unless they are trying to hide their IP address, or the geographical origin of their browsing habits. Some activities being illegal in some parts of the world, anonymous browsing may have its benefits.

But at some point, you still have to emerge from that secure VPN tunnel, connect to a real website and reveal a part of your identity to do anything useful, whether it’s being forced to sign in and authenticate via your email address, send an auth code to your mobile phone number, or pay for something with a credit card.

B2B VPNs are a different matter and serve a different purpose, since both end-points are within the domain of a single organisation.

Em says:
19 May 2021

@Kate Bevan please:

I note that Which? have started advising against purchasing a second-hand phone irrespective of price, such as the excellent Galaxy S8, on the grounds that Samsung are expected to stop issuing Android updates for that model within the next year or so.

I can understand that Which? are campaigning for manufacturers to extend their support window, due to the cost for consumers of this built-in obsolecence and the increasing amounts of e-waste being generated. But surely, this is just playing into their hands by encouraging consumers not to buy second-hand phones. Is buy new for your safety and security really the best message here?

Compared to the cost of the latest model, which may be shinier and have a few more bells and whistles, a second hand phone is a veritable bargain – rather like buying a quality two year old car – and has the potential to save the consumer a lot of money, both immediately and into the future.

In terms of the risk of not receiving future security patches, etc., that seems totally overplayed. Most of the software exploits discovered are highly technical and some are just theoretical – often published to boost the trade profile of some tin pot security consultancy who have been snooping through the code: “Oooh! Look what we’ve found … !” Of course, the manufacturer then has to address this alleged flaw, as it is now in the wild.

A two year old phone will already have most of the finite number of exploits inherent in the design identified and patched. Phone software does not “morph” and develop new security vulnerabilities on its own. So no updates can actually be good for security, if the operating system is already as stable and secure as it needs to be.

If your phone hasn’t already been penetrated in the early months of ownership, it is far less likely to fall victim in future. Software hackers who specialize in this field tend to focus on the latest phones and features, where new and as yet undetected security flaws are more likely to be found. They also get more kudos from their community by “outsmarting” Google and Apple. Nobody is really interested in developing new exploits for older phones. The target audience is diminishing in size and the owners are, almost by definition, less financially well off than the latest phone adopters.

The average consumer should be far more concerned about all the various risks of social engineering delivered via their smartphone, rather than some mysterious cyberthreat because they don’t own the latest model.

The only real risk I can see in a second hand phone is the possibility that it will stop working at some point in the future, with no guaranteed life remaining. But anyone who has dropped their shiny new phone in a car park or toilet also knows exactly how that feels – except it costs them a lot more.

Once again, the law of unintended consequences seems to be a work at Which? policy headquarters. Please tell me I’m wrong, and that I’ve overlooked some serious and widespread security risk, when offering a perfectly good second hand phone to my less well off relatives.

Em, that all sounds sensible to me.

As Derek says, all sensible. However, the counter argument is iff a hole is uncovered in a popular but no-longer-supported phone, there are rich pickings because of the large number that won’t get patched – QV the computer NHS debacle a few years; ago.

I truly don’t know what the answer is – other than to forego smart phones. I still have a couple of Nokia 6310i – and they still work – and the batteries are still good. Must be 20 years old now.

It’s encouraging to see that more new phones offer longer security updates: https://www.which.co.uk/news/2021/07/oneplus-announces-four-years-of-security-support-is-it-time-to-buy-its-smartphones/

That’s a start but we need more.

Andrew says:
22 July 2021

I’m pleased that ‘which’ are publishing the length of support for phones they test, I think it would be useful to do the same for tablets.