Half of cellphones sold in UK pose risk of security concerns


According to a survey conducted by Which? .

The consumer rights organization said the short shelf life of mobile devices, coupled with the length of service contracts, meant that around 48% of devices currently on the market could become obsolete or reach end of life and lose the security support before the airtime contract. the period ends, leaving their owners at risk of compromise.

“Mobile phones without the latest security backing could make consumers vulnerable to hackers, so it’s important that manufacturers provide these defenses longer and that retailers are clearer with people about the risks posed by phones that don’t. will not receive any vital updates during the term of the contracts. , Which one said? IT editor Kate Bevan.

“The government’s product safety bill must ensure that manufacturers indicate the date until which a device will be supported – and that this information is clearly displayed on retailer websites. Devices must be supported for at least five years by all manufacturers so that consumers are better protected. “

The investigation found that due to the fact that its contracts can last up to 36 months, O2 was guilty of knowingly selling the most devices at risk of losing security support, with 73% of new O2 phones potentially unsupported after three years. contract and 21% potentially unsupported within one year.

“Mobile phones without the latest security backing could make consumers vulnerable to hackers, so it’s important that manufacturers provide these defenses longer and that retailers are clearer about the risks posed by phones that won’t receive security. vital updates during the term of contracts ”

Kate Bevan, which one?

Additionally, 53% of devices sold at Carphone Warehouse, 50% at Mobiles.co.uk, 50% at Vodafone, 40% at Three, 38% at Mobile Phones Direct and 33% at EE were at risk.

Popular phones that will no longer be supported over the next 12 months include the Motorola G8 Power, available through Mobiles.co.uk and Vodafone; the Oppo Find X2 Lite, available through Mobile Phones Direct, Mobiles.co.uk, EE, O2 and Vodafone; and the Samsung Galaxy S9, available through Vodafone. Note that the Galaxy S9 recently lost its Which? Best Buy badge as it nears end of support.

Importantly, Which? Said, all of the devices listed above were still available, with no indication to buyers that they would soon be in danger. The organization said a lack of transparency around security fixes was a big part of the problem. He also revealed that 40% of smartphone owners believed that if they bought a phone under contract, it would continue to receive updates for the duration of the contract, which is not necessarily the case, and 69% said they would be worried if their device did. not receiving updates, so there is clearly support for the change.

Which? said it was unacceptable that some mobile phone brands only provide two years of security support, and are now asking for a legally mandated five-year support period. He added that increased support would not only protect consumers from cyber attacks, but also positively impact the environment, with fewer devices being scrapped sooner than they should be.

Going forward, it will now remove its Best Buy recommendations from all devices with less than a year of support remaining, and urge manufacturers, retailers and networks to be more direct in their support policies. In the meantime, consumers can use Which? to see if their devices are still supported or not.

A spokesperson for O2, which performed the worst in the rankings, said: “Manufacturers set the life span for security patches on their devices, covering around three to four years for newer models. O2 customers can choose rates for up to three years with our O2 Refresh plans, customizable between three and 36 months.

“We’re proud to have dominated the industry here, because by dividing airtime and device costs, customers have real flexibility in how they pay for their mobile phones. However, customer safety is a top priority, so if manufacturers advise that one-off security updates are needed outside of their defined lifespan, we will work closely with them to ensure that customers receive the updates. necessary updates.

A spokesperson for Three said, “Software updates are handled by device manufacturers and Three’s customers receive updates for as long as the manufacturers release them.”

A Vodafone spokesperson added, “Vodafone works closely with its suppliers to ensure that the devices it provides to customers are supported with the operating system. [operating system] and security updates. While the length of lifecycle support may vary depending on the device and its manufacturer, in practice, lifecycle support typically extends beyond the benchmark period. In general, the duration of the support has lengthened over the years.

EE, even though he has signed up with Which? on its conclusions, refused to avail itself of a right of reply. Note that EE, Three, and Vodafone all took issue with elements of Which? S analysis, particularly the inclusion of some of the device models reviewed. However, which one? maintains that these devices may no longer be supported until the end of currently available contracts.

Retailer Dixons Carphone, which owns both Carphone Warehouse and Mobiles.co.uk, said it would continue to sell devices throughout the product lifecycle to keep options affordable, but would welcome providing clearer communications around updated security policies to keep customers informed.

Mobile Phones Direct said it will continue to work closely with manufacturers to keep consumers informed of the need to adopt software fixes throughout the life of the product.

Among the device manufacturers reviewed, Motorola said that while devices clearly cannot be upgraded ad infinitum, it is providing industry-standard security updates and is working with Google to continue. to increase the number of features that can be updated through the Play Store, which means that some of the essential features can be fixed and upgraded more easily and for longer.

Samsung directed users to its security update information website, and Oppo declined to commit.


About Author

Leave A Reply