With the sheer amount of personal information we have on our phones, be it messages, photos, passwords or even location history, keeping our mobile devices secure is now more important than ever. As a result, many would assume that security is one of the top priorities for phone manufacturers.

While this is true for the most part, mobile security is often a cat and mouse game, with phone manufacturers needing to quickly release security patches for their devices as new cyber-threats are discovered. For newer devices, this is not a problem and manufacturers generally issue updates pretty regularly in order to keep hackers at bay.

But what happens when your device is a few years old? Do manufacturers keep on top of these security updates to ensure older devices are protected from the latest threats? In this article we discuss why security updates are important and what to do if you are no longer receiving them.

Why are security updates important?

Security updates are a way for phone manufacturers to try and keep their software one step ahead of hackers. In fact, the majority of malware that affects mobile devices relies on out of date software and so cannot be used against a device with the latest security updates. For example, to install spyware on an iPhone, the device must be running an older version of the iOS operating system.

Security updates often include important fixes for hardware and operating system vulnerabilities discovered by cyber researchers. If these fixes are not applied then the device can be at risk of a cyber attack, which is why it’s important to always install these updates as soon as they become available.

How long are security updates provided for Android devices?

The frequency of these updates depends on the manufacturer and age of the device. Manufacturers only pledge to support them for a certain number of years and after that they stop receiving security patches as companies shift their priorities towards newer products.

Traditionally, Android device manufacturers have only provided updates for a fairly short time, typically around 2 years after a device was first released. However, following several recent high profile security vulnerabilities and hacks, phone manufacturers are now working to provide security updates for longer.

Samsung devices, for example, until recently only received updates for 2 years. However in 2021 the company announced that its newer models would now receive at least 4 years of security updates. Similarly, Google recently promised to provide security updates for 5 years for their latest Pixel 6 and Pixel 6 Pro devices.

But Google and Samsung are still some way behind Apple which tend to support older devices for much longer. For example, Apple currently (as of 2022) still offers full security updates for iPhones that launched in 2015.

Why should you care about how long security updates are provided?

Manufacturers base their security update pledges (e.g. 2 years) on when a device is released. However, many devices could be on sale for several years after release. Therefore, if a manufacturer only provides security updates for 2 years after release of the device and someone purchases it a year later, then they will only receive security updates for the first year of ownership of the device. As most people keep the same phone for at least 2 years they could be vulnerable to cyber attacks for a large portion of their device ownership. This also makes buying a pre-owned phone somewhat of a gamble when it comes to cyber security.

What can I do if I am no longer receiving security updates?

If your Android phone is a few years old and no longer receiving updates then you might rightfully be concerned that your device is now insecure. Fortunately, there are still a few things you can do to stay secure if getting a new phone isn’t an option.

1. Make sure all installed apps are updated

It’s important to ensure that all of your apps are up-to-date as these updates can include important security patches from the developers of these apps. High-profile spyware such as Pegasus has been known to exploit vulnerabilities in apps such as WhatsApp to infect a device with spyware. So ensuring your apps are up-to-date can keep you protected from a range of cyber attacks.

2. Manage your permissions

A good way to keep things under control is to manage permissions for your apps. Some might have access to your contacts, camera, microphone and location without your knowledge or consent.

3. Avoid app hoarding

Another useful tip is to only download the apps that you need and avoid ‘app hoarding’ just because an app is getting popular with other users. The more apps you have installed on your Android phone, the more likely it is that one of these may contain a security vulnerability that could be exploited by hackers.

4. Protect your phone with physical security

Most cyber attacks on Android happen when a hacker has physical access to the device. So ensuring adequate physical device security and access control is key to protecting your device. Secure your cell phone with extra layers of security such as biometrics and complex passwords, and avoid sharing it with people, even those closest to you.

5. Use a trusted security app

A good mobile security app such as Certo Mobile Security will help protect your phone from threats as well as maintain privacy. You can scan your device to identify malicious apps, view a full list of app permissions and remove or amend as needed.

While in an ideal world all devices would receive security updates indefinitely, in reality there comes a time when manufacturers need to stop supporting older devices. If your device is no longer receiving updates then it is imperative that you take these measures and use apps such as Certo Mobile Security to ensure your device is protected from cyber threats.