Phone contracts could leave consumers with security issues

Which? has recently looked at mobile phone contract deals across a range of retailers, and has discovered that 48% of phones available could lose security support before the end of their contract period. 

Data held on phones is a goldmine for criminals and a lack of updates potentially leaves them vulnerable to attacks that allow hackers to take complete control over the phone, steal personal information and could even leave phone owners facing bills of hundreds of pounds for services that they have not used themselves.

The research found that the retailer with the highest proportion of devices that could lose update support was O2 – due to the fact that its contracts can last up to 36 months. 73% will potentially be left unsupported at the end of the three years, and 21% could lose support less than a year into the contract.

Across its investigation, Which? researchers came across a number of popular handsets due to run out of support less than a year into the contract including:

• Motorola G8 Power – sold by mobiles.co.uk and Vodafone
• Oppo Find X2 Lite – sold by EE, Mobile Phones Direct, mobiles.co.uk, O2 and Vodafone
• Samsung Galaxy S9 – sold by Vodafone and recently having lost its Which? Best Buy status because it could have less than a year of support left.

All were available despite no indication to consumers that they would soon pose a security risk through a lack of updates.

'Losing support in the first year of the contract'

In addition to O2, the proportion of contract phones on sale where there were similar problems were Carphone Warehouse (52%), Mobiles.co.uk (50%), Vodafone (50%), Three (40%), Mobile Phones Direct (38%) and EE (33%).

Mobiles.co.uk (19%) and Carphone Warehouse (18%) also closely followed O2 in the proportion of phones being sold that could lose support in only the first year of the contract – meaning consumers would potentially be using an unsupported device for more than a year before the contract ends.

Kate Bevan, Which? Computing Editor, said: “Mobile phones without the latest security support could leave consumers vulnerable to hackers, so it is important that manufacturers supply these defences for longer and that retailers are clearer with people about the risks posed by phones that will not receive vital updates for the duration of contracts.

“The government’s Product Security Bill needs to ensure that manufacturers state the date a device will be supported until – and that this information is clearly displayed on retailers’ websites. Devices need to be supported for five years minimum across all manufacturers so that consumers are better protected.”

EE and Three disputed some of the mobile phone models included in Which?’s analysis – and said that these phones would be supported until the end of contracts. Vodafone said that “support generally extends beyond the timeframe you reference.”

Which? is removing its Which? Best Buy recommendation from any phone with less than a year of support remaining and has also added a security warning banner to its reviews of any affected devices