Phone contracts could leave consumers with security issues

Share
Mobile phone retailers are selling devices that could lose vital security updates before pay monthly contracts have finished, a Which? investigation finds

Which? has recently looked at mobile phone contract deals across a range of retailers, and has discovered that 48% of phones available could lose security support before the end of their contract period. 

Data held on phones is a goldmine for criminals and a lack of updates potentially leaves them vulnerable to attacks that allow hackers to take complete control over the phone, steal personal information and could even leave phone owners facing bills of hundreds of pounds for services that they have not used themselves.

The research found that the retailer with the highest proportion of devices that could lose update support was O2 – due to the fact that its contracts can last up to 36 months. 73% will potentially be left unsupported at the end of the three years, and 21% could lose support less than a year into the contract.

Across its investigation, Which? researchers came across a number of popular handsets due to run out of support less than a year into the contract including:

  • Motorola G8 Power – sold by mobiles.co.uk and Vodafone
  • Oppo Find X2 Lite – sold by EE, Mobile Phones Direct, mobiles.co.uk, O2 and Vodafone
  • Samsung Galaxy S9 – sold by Vodafone and recently having lost its Which? Best Buy status because it could have less than a year of support left.

All were available despite no indication to consumers that they would soon pose a security risk through a lack of updates.

 

'Losing support in the first year of the contract'

 

In addition to O2, the proportion of contract phones on sale where there were similar problems were Carphone Warehouse (52%), Mobiles.co.uk (50%), Vodafone (50%), Three (40%), Mobile Phones Direct (38%) and EE (33%).

Mobiles.co.uk (19%) and Carphone Warehouse (18%) also closely followed O2 in the proportion of phones being sold that could lose support in only the first year of the contract – meaning consumers would potentially be using an unsupported device for more than a year before the contract ends.

Kate Bevan, Which? Computing Editor, said: “Mobile phones without the latest security support could leave consumers vulnerable to hackers, so it is important that manufacturers supply these defences for longer and that retailers are clearer with people about the risks posed by phones that will not receive vital updates for the duration of contracts.

“The government’s Product Security Bill needs to ensure that manufacturers state the date a device will be supported until – and that this information is clearly displayed on retailers’ websites. Devices need to be supported for five years minimum across all manufacturers so that consumers are better protected.”

EE and Three disputed some of the mobile phone models included in Which?’s analysis – and said that these phones would be supported until the end of contracts. Vodafone said that “support generally extends beyond the timeframe you reference.”

Which? is removing its Which? Best Buy recommendation from any phone with less than a year of support remaining and has also added a security warning banner to its reviews of any affected devices

Share

Featured Articles

Leigh Segall: Revolutionising Digital CX with Automation

Smart Communications CEO explains how automation is transforming how businesses collect data, especially in regulated industries like healthcare & finance

IBM & Ericsson to Transform UK Emergency Services Network

IBM and Ericsson have been selected to upgrade the UK’s emergency services network, offering 4G/5G connectivity for critical operations across the country

GSMA: How Europe Can Improve its 5G Digital Infrastructure

European mobile operators generate €1.1tn in economic value, but GSMA data shows the region is falling behind East Asia and North America in 5G deployments

Apple Outlines Siri Privacy Strategy Amid Security Concerns

Technology & AI

Vodacom and Orange to Expand Network Coverage in DRC

Connectivity

Vodafone: How Private Networks Enhance Regional Connectivity

Mobile Operators