Half of mobile phone contracts could leave consumers with security issues
Almost half of mobile phone contracts could leave consumers with security issues, leaving them potentially exposed to cybercriminals, claims consumer watchdog Which?
Mobile phone retailers are selling devices that could lose vital security updates before pay monthly contracts have finished, as the short shelf life of phones supplied by manufacturers leaves owners more exposed to hacking attacks by cybercriminals, a Which? investigation has revealed.
The consumer watchdog looked at mobile phone contract deals across a range of retailers and found that 48 per cent of the dozens of phones available could lose security support before the end of contract period.
The amount of data held on phones is a goldmine for criminals and a lack of updates potentially leaves them vulnerable to attacks that allow hackers to take complete control over the phone, steal personal information and could even leave phone owners facing bills of hundreds of pounds for services that they have not used themselves.
The retailer with the highest proportion of devices that could lose update support was O2 – due to the fact that its contracts can last up to 36 months. Three-quarters (73%) will potentially be left unsupported at the end of the three years, and a fifth (21%) could lose support less than a year into the contract.
Across its investigation, Which? researchers came across a number of popular handsets due to run out of support less than a year into the contract including:
Motorola G8 Power – sold by mobiles.co.uk and Vodafone
Oppo Find X2 Lite – sold by EE, Mobile Phones Direct, mobiles.co.uk, O2 and Vodafone
Samsung Galaxy S9 – sold by Vodafone and recently having lost its Which? Best Buy status because it could have less than a year of support left.
All were available despite no indication to consumers that they would soon pose a security risk through a lack of updates.
Across the board, mobile phone retailers were selling a whole host of devices that could lose security support before contracts ended. In addition to O2, the proportion of contract phones on sale where there were similar problems were Carphone Warehouse (52%), Mobiles.co.uk (50%), Vodafone (50%), Three (40%), Mobile Phones Direct (38%) and EE (33%).
Mobiles.co.uk (19%) and Carphone Warehouse (18%) also closely followed O2 in the proportion of phones being sold that could lose support in only the first year of the contract – meaning consumers would potentially be using an unsupported device for more than a year before the contract ends.
A lack of transparency around important updates is a big part of the problem. Four in 10 (40%) smartphone owners think that if they buy a phone on contract it will receive security updates throughout the contract period, according to a Which? survey. It is also clearly an issue that matters to consumers – seven in 10 (69%) said that they would be concerned if their phone was no longer receiving security updates.
EE and Three disputed some of the mobile phone models included in Which?’s analysis – and said that these phones would be supported until the end of contracts. Vodafone said that “support generally extends beyond the timeframe you reference.” However, Which? believes these phones could be out of support before the end of contracts, according to its research.
Which? is removing its Which? Best Buy recommendation from any phone with less than a year of support remaining and has also added a security warning banner to its reviews of any affected devices.
The consumer watchdog is also calling for manufacturers and retailers to be far clearer with consumers about how long phones are going to be supported with security updates so they can make more informed choices and protect themselves against these security risks.
The government recently announced that mobile phones will be included within the scope of its proposed Product Security and Telecommunications Infrastructure Bill.
Says Kate Bevan, Which? Computing Editor:
“Mobile phones without the latest security support could leave consumers vulnerable to hackers, so it is important that manufacturers supply these defences for longer and that retailers are clearer with people about the risks posed by phones that will not receive vital updates for the duration of contracts.
“The government’s Product Security Bill needs to ensure that manufacturers state the date a device will be supported until – and that this information is clearly displayed on retailers’ websites. Devices need to be supported for five years minimum across all manufacturers so that consumers are better protected.”