By clicking a retailer link you consent to third-party cookies that track your onward journey. If you make a purchase, Which? will receive an affiliate commission, which supports our mission to be the UK's consumer champion.

Mobile phone security: check how long a phone will receive security updates

Use our security support tool to how long mobile phones are supported with important software and security updates, and find out what to do if you're at risk
Which?Editorial team
Mobile phone security update

Over time, Android and Apple's iOS have evolved to keep up with new security threats that put your personal information at risk. But if you're still using a smartphone that's out of support, you're a much easier target.

Without important security patches, hackers can exploit vulnerabilities in a phone's software – and the risks increase the longer it is out of the update cycle. It's important to not only find out if your current phone is still supported, but know how long you can expect a phone you're looking to buy to receive updates.

Our phone support calculator below, and advice on smartphone best practice, can help.

Which? phone support calculator

Use the search box below to find out if the phone you own is still supported, or how long you can expect support for with a phone you're looking to buy. 

Remaining support is our own estimate of minimum time left before a phone stops receiving security updates, based on typical manufacturer and device-specific support periods. *Huawei phones from 2020 may receive updates from Huawei, but cannot access Google services or security patches. 'Unknown' phones are likely to have passed, or be close to, the end of the typical minimum guarantee support period for the brand.

Our guide to smartphone brand support policies how long the most popular brands support their handsets.

Update support may not be the first thing you think about with a phone purchase, but it essentially dictates the lifespan of the device. Fortunately, in part down to our campaigning, five to seven years of support from launch is becoming far more common.

Amy AxworthyMobile phones expert

Video: is your phone at risk?

Find out more about mobile phones and the importance of security updates.

What to do if your phone is no longer supported

If you're using a phone that's no longer being updated, you should consider upgrading. The good news is this needn't be expensive. Our tests include Best Buys for under £350, and solid alternatives for even less. Check the links below to help find your next mobile phone.

Mobile phones with long-lasting support periods

Tech tips you can trust – get our free Tech newsletter for advice, news, deals and stuff the manuals don’t tell you.

How to check your phone operating system version

How to check OS version on Android

As stated, the risk of using an older device generally increases the older it is. Android 10 and earlier are no longer supported, and the latest is Android 14.

It's fairly easy to check which version of Android you're using, although it does vary by device.

  • Open the main 'Settings' menu on the phone.
  • Look for an entry that reads 'About phone' or similar, typically near the bottom of the menu.
  • You should see an entry that reads 'Android version', followed by a number. If you're a Samsung user, click 'Software information' to see this entry.

Alternatively, you could search for 'Android' or 'Android version' in the search bar of the Settings menu.

How to check OS version on iOS

  • Open the Settings menu.
  • Choose 'General'.
  • Tap 'About', where you can see the iOS version.
  • Alternatively, choose 'Software update' to see the iOS version, and also check to see whether any updates are available.

The most recent version of iOS is version 16. The iPhone 11 and newer are still supported. If your iPhone is older than this, you should consider upgrading.

How to reduce the risk of using an unsupported phone

Until you are able to upgrade, follow the advice below to help mitigate the risks.

Avoid apps from unofficial app stores

Google and Apple test every app before it's allowed into the Play Store or App store. However, you might be tempted to install apps from outside these stores from time to time, using a process called 'sideloading' – allowing apps Google hasn't verified to be installed onto your phone.

While there's less risk of doing this with apps produced by established developers, the problem with many other unverified apps is that it's often difficult to tell how legitimate they are, or if they could be hiding malware designed to compromise your device. 

There's another notable risk of downloading from unofficial stores – lookalike apps. These are created to look exactly like a legitimate app, but are actually copycats that could contain malware or bombard you with advertising. 

Quite simply, avoid installing apps that aren't on official stores – which shouldn't be too difficult given the wide selection available.

Be selective with apps you download

There's a seemingly endless array of apps available to download and use, but while it is advisable to stick to the official app store, it's not a magic bullet.

Apps that contain malware do occasionally make their way onto official stores and are usually detected and removed by Apple or Google, but that's not much comfort to those who have already downloaded them.

There's no hard and fast rule on apps to avoid, but they often take the form of accessories or customisation tools – think free wallpapers, video or photo editors, file managers, games and tools like a QR reader or flashlight.

If you're looking for an app like this, try and stick to those with plenty of reviews, that have been around for a while, and are from a reputable developer. All of this information should be available in the detailed app information on the store.

You should also try to avoid hoarding apps – if you're not using one, delete it.

Manage your app permissions

App permissions control what parts of your phone an app is allowed to access – such as using your location to pinpoint your position on a map. Some apps have been known to ask for a few too many privileges, however. Select one of the options below to find out more about each permission.

One common way that illegitimate apps could create havoc on a mobile phone is through abusing these permissions. For example, a form of malware called Joker or 'Bread' was found on seemingly innocent apps relating to, among other things, photo enhancement or wallpapers for your phone. The app would ask for potentially dangerous permissions, such as access to your location, contacts, call logs or text messages. It could then subscribe to a premium service and automatically confirm payments by intercepting an SMS message, adding recurring charges to a user's phone bill.

In this example, a user may well have questioned why an app that's simply offering a range of new wallpapers or screensavers for a phone would need access to their contacts or text messages. If you download an app that's requesting seemingly unrelated information, that's a red flag. A basic calculator app shouldn't be asking for permission to read your storage card or your microphone, for example. Tread carefully – a malicious app could use the permissions you've given it to change your lock screen password and demand a fee to unlock it again.

Fortunately, improvements to Android and iOS have meant that you're given far more intuitive control of app permissions – such as allowing location services to only be used when the app is open. Permissions can also be automatically disabled if you haven't used apps in a long time.

But the fact that these are only available on newer operating systems only underlines the importance of ensuring your phone is still getting regular updates.

Know how to recognise phishing attacks

Phishing is the act of pretending to be a legitimate company to elicit valuable information, and it has now evolved to target smartphone users with increasingly clever tactics.

Smishing (phishing via text) and vishing (voice phishing that happens over the phone) have become popular ways to target mobile phone users. A victim of smishing may receive a text message that appears to be from their bank, prompting them to call a number and hand over their secure account information to address an issue with their account.

In our tests, we found vulnerabilities in the media libraries of older Android devices (specifically those running Android 5.1 and under) that could be exploited by phishing attacks. These attacks send media files to victims through MMS, or links in texts to malicious websites, to gain access to the device.

Crucially, it's important to know how to detect and avoid a phishing attempt whichever form it takes. This is a common way in which malicious third parties can prey on individuals, and often no degree of security software or updates can help.

Fortunately it's quite easy to spot the warning signs with a bit of practice:

  • Mis-spelt URLs – check links by hovering over them, but don't click them. Look carefully, as they can often look quite legitimate, eg www.AM4ZON.com.
  • Sender email addresses. Even though the sender might appear as 'Facebook' or 'Paypal', look carefully at the actual email address. It it doesn't appear legitimate, be wary.
  • Be mindful of telltale signs in dodgy emails, such as poor grammar, logos that don't look quite right and vague titles like 'Dear customer'.
  • If you're concerned and want to double-check, log into the website in question through the company's official web address, or call them to confirm the issue.

Some vulnerabilities can be due to weaknesses in an  operating system, and Google does address issues with Android upgrades and security patches. However, phishing attacks have become so sophisticated that learning how to detect and avoid an attempt yourself remains the best defence.

Consider antivirus apps

Even though Google Play Protect acts as protection against malware, you should still consider installing third-party security software, especially if your phone is no longer receiving security updates.

In the same way that antivirus software works for your computer, antivirus apps for your mobile phone are a cheap, and sometimes free, way to protect your phone. It can help to keep your personal data safe by scanning for malware and alerting you of any problems, including if you are visiting unsafe websites or if you download malicious apps. 

By ensuring that you are diligently installing security updates and using antivirus software, you're increasing your protection against any potential threats.

It's important to note that if you're using Android version 4.1 or below, you will have trouble finding security apps that are compatible with your mobile phone. In this case, as these phones will no longer be receiving security updates either, you should seriously consider upgrading.

Read more about antivirus software and why it's important in our guide to the best mobile antivirus apps.

Are iPhones safer than Android phones?

Unlike Android, which is used by a number of manufacturers, iOS is a closed operating system. Apple doesn't share its source code with app developers or users of its products, so there's a lower chance of attackers finding vulnerabilities in its system. For that reason, many believe that iOS is a safer operating system.

Regardless, there's no way to be completely safe, even if you do own an Apple phone – so you should similarly consider the risks of using devices that are no longer supported. 

Get the right mobile deal

Use our Which? provider rating, based on real customer feedback, to find the best Sim and contract deals

Compare deals today