Up to half of UK consumers who buy new mobile devices, whether directly from their network provider, device manufacturer or through a third-party retailer, could face problems security threats and cyberattacks, according to a survey by Which? .
The consumer rights organization said the short lifespan of mobile devices, coupled with the length of service contracts, meant that around 48% of devices currently on the market could become obsolete or reach the end of their life. life and lose security support before the airtime contract. period ends, leaving their owners at risk of compromise.
“Mobile phones without the latest security backing could leave consumers vulnerable to hackers, so it’s important that manufacturers provide these defenses longer and that retailers are clearer with people about the risks posed by phones that won’t receive no vital updates during the term of the contracts,” said Which? IT editor Kate Bevan.
“The Government’s Product Safety Bill must ensure that manufacturers indicate the date until which a device will be supported – and that this information is clearly displayed on retailers’ websites. Devices must be supported for a minimum of five years by all manufacturers so that consumers are better protected.
The investigation revealed that due to the fact that its contracts can last up to 36 months, O2 was guilty of knowingly selling the most devices at risk of losing security support, with 73% of new O2 phones potentially unsupported at the end of a three-year period. contract and 21% potentially unsupported within one year.
Kate Bevan, Which one?
Additionally, 53% of devices sold at Carphone Warehouse, 50% at Mobiles.co.uk, 50% at Vodafone, 40% at Three, 38% at Mobile Phones Direct and 33% at EE were at risk.
Popular handsets dropping support over the next 12 months include the Motorola G8 Power, available through Mobiles.co.uk and Vodafone; the Oppo Find X2 Lite, available through Mobile Phones Direct, Mobiles.co.uk, EE, O2 and Vodafone; and the Samsung Galaxy S9, available through Vodafone. Note that the Galaxy S9 recently lost its Which? Best Buy badge as it is nearing end of support.
Basically, Which? said, all of the devices listed above were still available, with no indication to buyers that they would soon be in jeopardy. The organization said the lack of transparency around security patches was a big part of the problem. It also found that 40% of smartphone owners believed that if they bought a phone on contract it would continue to receive updates for the duration of the contract, which is not necessarily the case, and 69% said they would be concerned if their device did. aren’t getting updates, so there’s clearly support for the change.
Who? said it was unacceptable for some mobile brands to only provide two years of security support, and is now asking for a legally mandated five-year support period. He added that increased support would not only protect consumers from cyberattacks, but would also have a positive environmental impact, with fewer devices thrown away sooner than they should.
Going forward, it will now remove its Best Buy recommendations from all devices with less than a year of support remaining, and urges manufacturers, retailers and networks to be more upfront about their support policies. In the meantime, consumers can use Which? to know if their devices are still supported or not.
A spokesperson for O2, which fared worst in the rankings, said: “Manufacturers set the lifespan of security patches for their devices, covering around three to four years for newer models. . O2 customers can choose pricing for up to three years with our O2 Refresh plans, customizable between three and 36 months.
“We’re proud to have led the industry here because by separating airtime and device costs, customers get real flexibility in how they pay for their mobile phone. However, customer security is a top priority, so if manufacturers advise that one-time security updates are needed outside of their defined lifespan, we will work closely with them to ensure customers receive the updates. necessary updates.
A spokesperson for Three said: “Software updates are managed by device manufacturers and Three customers receive updates for as long as the manufacturers release them.”
A Vodafone spokesperson added: “Vodafone works closely with its suppliers to ensure that the devices it provides to customers are supported by the operating system. [operating system] and security updates. Although there may be some variation in the length of lifecycle support depending on the device and its manufacturer, in practice this support generally extends beyond the period to which you are referring. In general, the duration of support has increased over the years.
EE, although he engaged with which? on its conclusions, refused to take advantage of a right of reply. Note that EE, Three and Vodafone all took issue with elements of Which?’s analysis, in particular the inclusion of some of the device models examined. However, which one? maintains that these devices may no longer be supported before the end of the currently available contracts.
Retailer Dixons Carphone – which owns both Carphone Warehouse and Mobiles.co.uk, said it would continue to sell devices throughout the product lifecycle to keep options affordable, but would appreciate providing clearer communications around security update policies to keep customers informed.
Mobile Phones Direct said it would continue to work closely with manufacturers to keep consumers informed of the need for software fixes throughout the life of the product.
Of the device makers reviewed, Motorola said that while devices clearly cannot be upgraded endlessly, it does provide industry-standard security updates and is working with Google to continue. to increase the number of features that can be updated through the Play Store, which means that some essential features can be fixed and upgraded more easily and longer.
Samsung directed users to its security update information website and Oppo refused to engage.