Google, Apple, Motorola: how long are security updates available for your mobile phone or laptop?

Shoppers are often in the dark about how long they can rely on security software updates for their mobile devices.

It’s not exactly breaking news to point that out as a nation, we are rather reliant on our portable technology.

A report from communications regulator Ofcom found that as many as 76% of adults in the UK have a smartphone, while almost two-thirds (64%) have a laptop too.

These devices have only become more important over the last year, both as a means of keeping in touch with friends, loved ones and colleagues at a time of social distancing, but also simply as a way of actually working from home.

However, there is a danger that your device could become far less effective at keeping cybercriminals at bay almost overnight.

You’re on your own

Within a few months of going freelance back in 2016, it was clear that I needed a laptop. Being able to work on the move was no longer a ‘nice to have’, it was a necessity, so I bought myself a Chromebook.

And it’s served me well ever since. However, this week a message popped up from Google ‒ the firm behind the Chromebook ‒ which warned me that from June my machine will no longer automatically manage software and security updates.

In other words, I have a couple more months of my trusty laptop taking those steps to keep itself safe.

After that, these security updates will be entirely up to me. So if I’m not particularly on the ball in arming my laptop properly, then I will be at greater risk of malware and other viruses finding their way onto my Chromebook, putting my personal details and finances at risk.

Keeping your mobile safe

When it comes to PCs and laptops, this isn’t a common practice. Indeed, one of the big downsides of the Chromebook has always been this sort of in-built fixed lifespan, which isn’t something you need to worry about with a desktop.

But it is also an issue with mobile phones. You might do your research on a handset and reckon it will be your portable friend for five years, but all too often the software support will have packed in long before that.

Frustratingly, there’s no actual law in place covering how long manufacturers need to provide software support for handsets, so it’s effectively up to individual firms to determine what they can justify.

What’s more, the manufacturers aren’t exactly forthcoming about how long they will provide this support for.

After all, when they are trying to flog you a phone it’s far easier to highlight the quality of the camera or how long the battery supposedly lasts between charges than talk about something like cybersecurity.

However, the consumer champions at Which? have done some digging and put together a rough outline of how long they typically provide support, as well as if they clearly label phones which are no longer supported to shoppers.

Manufacturer	Typical support duration	Are unsupported handsets clearly labelled?
Apple	Five to six years	No
Samsung	Two to four years	No
Google	Three years	Yes
OnePlus	Two to three years	Yes
Motorola	Two to three years	Yes
Xiaomi	Two years	No

Clearly there are some wide variances in the length of support you can expect, as well as how clearly you are likely to be informed about the support on offer.

Apple for example offers by far the longest support, on account of its “closed ecosystem” which means that Apple can keep greater control over devices like the iPhone, according to Which?.

Unfortunately, it doesn’t do a great job of actually letting shoppers know if the support is no longer in place.

An interesting contrast is OnePlus, which has an official policy of providing three years of support.

But it has launched two cheaper handsets with only two years of cover, showing that manufacturers can effectively pick and choose how long to provide these updates.

Tell us the truth

This is a farcical position.

Cybersecurity is a big, important topic with scammers enjoying an incredibly profitable time in the last few years.

By having such a wide variety of timescales for software updates, and such patchy transparency about the length of that cover, we are only making life easier for those scammers.

There are two things that I believe need to happen.

First, we need clearer rules in place governing a minimum period that these software updates must be provided sot hat as shoppers we know the bare minimum of protection we are going to enjoy.

Secondly, I think it needs to be a requirement that providers are completely open about which handsets are still protected, and how long remains on that protection.

If the authorities don't take this sort of security problem seriously, then scammers will continue to have a great time taking advantage of people who have no idea that their handset is no longer so secure.