Do you upgrade when Android phone security updates stop?

[NameTaken2]

Interesting that the several responses from posters using phones with suspended security updates had no first-hand experience for that resulting in being hacked. Also, not even a response from anyone who knows someone who had their phone hacked.

Main goal of OP was to gain perspective on the actual level of risk taken by continuing to use a phone with expired security updates. At this point the above, along with no references/links provided to news or research supporting that this risk should be considered generally unacceptable, continues to support my perception that the the higher risk for the many phones in use with expired security updates is generally not great enough to be worth the cost of replacing the phone.

And, as noted in the thread, replacing the phone is a personal decision based on risk tolerance.

 

[ShokWaveRider]

I would never consider keeping financial data of any kind on my phone.

Knowing how easily they can be hacked or stolen, neither would I.

 

[Qs Laptop]

I'll ask again. Assuming there is no financial information on your phone--no bank account numbers, no PIN's, no brokerage info, etc. exactly what are people afraid is going to get hacked on your phone?

Anyone?

 

[ExFlyBoy5]

People do realize that your smart phone IS a computer, right? The argument of not having sensitive information on your "phone" but on a desktop computer is...well...not a great example of critical thinking.

Another thing...you can have the latest and greatest OS on a brand new phone for less than $200. No need to buy the "best in class" Galaxy (that comes pre-loaded with a lot of bloatware...no thanks!) to get the same protection you would get from a budget phone.

 

[Kerfuffle]

At this point the above, along with no references/links provided to news or research supporting that this risk should be considered generally unacceptable, continues to support my perception that the the higher risk for the many phones in use with expired security updates is generally not great enough to be worth the cost of replacing the phone.

I feel that when someone asks something like this on a forum, they are asking for personal opinions. They are plenty capable of doing their own google search to see if the experts think it's an issue. You ask on a forum for others perspectives, not for others to go do your research for you.

 

[easysurfer]

I try to set up my smartphone so that it is secure enough to not allow open access to anyone should the phone get lost or stolen. Yet at the same time, not hamper the phone so much that I can't access personal information if I want to.

I don't have a PIN to lock the phone every time the phone is turned off or sleeps as that's too much of a pain. Especially since often I'm the only one near the phone.

But I do have an app that can lock certain apps (email, social media as examples) asking for a PIN. That as if I'm out and about like in a restaurant and to protect myself from being clumsy and losing the phone or going to the airport to protect from it being swiped, I use the app to lock.

Not perfect I'm sure but strikes a balance.

 

[Qs Laptop]

I would be careful with hacked email accounts, especially if they are tied to important accounts. Also, given the direction we seem to be going, I would be careful with storing on the phone any photos of people (whether of others or selfies) because of facial recognition software. The latter also applies for cloud storage.

Why the concern? What is someone going to do with photos of say, your fishing trip?

 

[Qs Laptop]

People do realize that your smart phone IS a computer, right? The argument of not having sensitive information on your "phone" but on a desktop computer is...well...not a great example of critical thinking.

Yes, and as was mentioned, PCs are probably a far more popular target than phones and likely easier to do than a phone.

Another thing...you can have the latest and greatest OS on a brand new phone for less than $200. No need to buy the "best in class" Galaxy (that comes pre-loaded with a lot of bloatware...no thanks!) to get the same protection you would get from a budget phone.

Not sure about that. Pixel phones have monthly security patches and updates for 36 months. Samsung flagship phones get them monthly for the first year or so, then quarterly for three years. Mid-Lower tiered Samsung's are quarterly updates for two or three years. Budget phones are usually quarterly or maybe once or twice per year, and only for 24 months, if that.

Also, budget phones are likely shipped with Android 10 as their OS. Android 10 is already 2 years old. Budget phones might only get one OS upgrade over their lifetime. Android 11 came out a year ago. Android 12 is coming out "soon". It will be on the new Pixel 6 phone and if I wanted to get the beta version on my Pixel 5a I could get it now.

 

[ERD50]

I'll ask again. Assuming there is no financial information on your phone--no bank account numbers, no PIN's, no brokerage info, etc. exactly what are people afraid is going to get hacked on your phone?

Anyone?

I really don't think that a lack of responses after a few posts and 24 hours provides any assurance that it's safe.

Why the concern? What is someone going to do with photos of say, your fishing trip?

But it's more than that. If someone grabs your phone while it's unlocked, or manages to get past a PIN, or a hacker gets through somehow, they might have access to much more than your snapshots.

Does your phone have email? Does your phone keep you logged in? If they can get a login, they can use the 'forgot my password' button, and get a reset sent to the phone.

I rarely use my phone for financial transactions, but darn it, mobile deposit is convenient, and they don't offer it for a desktop computer. So I've got their app on my phone. Hmmm, that works over WiFi, maybe I'll put that banking app on an old phone that never leaves the house, and remove it from my actual 'mobiles'.

-ERD50

 

[Kerfuffle]

FWIW, the whole security issue is one of the reasons I no longer consider my phone to be a thing I own. I view it as a thing I rent. We get whatever great deal the provider is offering when the security updates stop, and pay their monthly fee. Right now we're under a BOGO deal with Verizon - got two S20 phones, one of them totally free plus a whole host of other discounts that get taken off our bill monthly. I wish they'd give you the full discount up front instead of making you pay for it bit by bit, but I get it, they want to force you stay as a customer for that length of time. I know the OP was annoyed at the idea of paying full price for two new phones, but there is absolutely no reason to do that anymore with all the enormous upgrade discounts available.

 

[NameTaken2]

I feel that when someone asks something like this on a forum, they are asking for personal opinions. They are plenty capable of doing their own google search to see if the experts think it's an issue. You ask on a forum for others perspectives, not for others to go do your research for you.

Kerfuffle-
As noted in OP I did go online to gather info on this topic. Then, to obtain a more conclusive decision, I came to this forum asking for additional perspective on replacing phones when security updates stop.

What I referred to was that nobody with the "replacing your phone is a must" perspective had first-hand experience for hacks resulting from not doing so, nor did they cite any news or research supporting that (which is fine, just thought worth noting).

Therefore, think I did follow your Directive regarding asking only for perspective, and my apology that this was somehow interpreted as "do the research for me".

 

[NameTaken2]

I know the OP was annoyed at the idea of paying full price for two new phones, but there is absolutely no reason to do that anymore with all the enormous upgrade discounts available.

Discounts are apparently a YMMV situation. I checked before posting, and no current enormous upgrade discount is available: my provider will give me $23 for my Galaxy S8 and the S21 is $800.

No problem waiting for deals since the S8's work fine for now.

 

[Qs Laptop]

I really don't think that a lack of responses after a few posts and 24 hours provides any assurance that it's safe.

I'm not saying it's safe and I'm not saying it's not safe.

I'm asking: If there is no financial info on it, what are people worried about if someone hacks into your phone?

But it's more than that. If someone grabs your phone while it's unlocked

Extremely unlikely, unless they literally steal it from out of my hands. Then they have to keep it powered on beyond my 2 minutes "stay powered on" setting to be able to use it.

or manages to get past a PIN,

Extremely unlikely. I use a fingerprint sensor AND a PIN.

or a hacker gets through somehow, they might have access to much more than your snapshots.

Like what, for example? I keep asking this and so far there hasn't been a response.

Does your phone have email? Does your phone keep you logged in?

Yes and yes.

If they can get a login, they can use the 'forgot my password' button, and get a reset sent to the phone.

And how are they going to know my security question(s)? Examples: What's your favorite movie? Who was your best man? etc. etc.

 

[ERD50]

Don't get me wrong, I'm just playing Devil's advocate, I think you're asking some good questions. I lean towards wanting the latest security updates, and now I've learned my Android phone is no longer updated (I was fooled by the app security updates) but maybe it's not such a big deal, I dunno? Maybe the app security updates make any OS holes a near-non-issue?

.... Extremely unlikely. I use a fingerprint sensor AND a PIN.

I don't have a fingerprint scan on mine, so I'm more open there.

Like what, for example? I keep asking this and so far there hasn't been a response.

Does your phone have email? Does your phone keep you logged in?

Yes and yes.

And how are they going to know my security question(s)? Examples: What's your favorite movie? Who was your best man? etc. etc.

email was the example I was thinking of. IIRC I don't normally need to answer the security questions for a new password sent to my email, that's was my concern.

That's why I never click on the 'remember me' button on any login I care about. I don't want that login ID popping up for someone. And, they might figure it out anyhow (often it is my email, but I guess not for any financial sites. But email seems to stay logged in.

-ERD50

 

[OldShooter]

People do realize that your smart phone IS a computer, right? The argument of not having sensitive information on your "phone" but on a desktop computer is...well...not a great example of critical thinking. ...

Au contraire, we are not concerned about whether the phones are computers or not. We are concerned about the threat environment, physical and electronic, which is quite different between a phone that is carried out and about and a home computer that, well, stays at home. The threat environment that laptops are exposed to varies with the use case, but might be as bad as for phones. Or it might not.

 

[YB88]

For me, the security update issue is just part of typically multiple things that cause me to get a new phone. I used to have an S8 too, and I think an S5 before that --- one of those was the last phone I owned with removable batteries, so getting a new phone today means resetting the clock on that too.



A factor that led me to get an S21 (all of these are Samsung models, just to be clear) was the characteristics of mid-band 5G on my T-Mobile account. I've found situations where I was getting connected, or connected faster (internet) than with 4G. For example, at a recent trip to the coast, my wife and I could text back and forth instantly, whereas my daughter with a 4G phone on T-Mobile was seeing very long delays before the texts were delivered. That sort of thing.



The better camera (with two lenses) has been useful, because these days a cell phone camera is almost always the only one I use --- and I have young grandchildren. And in the past I've run into memory issues, which I don't anymore at all with the S21. I think there were other reasons, those are just off the top of my head.
Well, that and T-Mobile made it very cheap to upgrade.

I've become somewhat of a Samsung fanboy I guess (in the android device arena anyway), in part due to the additional year or so of security updates over competitors that has already been mentioned. But I really like their android tablet too, and I find that having both their phone and tablet, things work together pretty well. I particularly like using Samsung's version of quick file transfer between devices to shoot photos from my phone to my tablet, so that my wife and I can look at images on a bigger screen when we're away from home, or I can aggregate my wife's and my photos on a single device that way.

As to how people regard their phones w.r.t. security and what they do and do not have on them, I'm inclined to agree that your phone likely has somewhat troubling access to your life almost no matter how careful you are, and hence my preferred path is to pay some attention to security. I.e., require a password or equivalent to access, use a password manager (also password or fingerprint or whatever protected), use a VPN when travelling, make sure apps update promptly, install OS security or version upgrades as soon as they're available, and run security software. The aggregate of these impose a pretty light cognitive load on me after they become habit.



In that context, I pay for things using my phone (actually, with my Samsung connected watch ...), access bank accounts on the phone, etc. The one thing I don't do is connect to the brokerage where most of my assets are. Password/etc information for that aren't on the phone or tablet or in password manager. If someone breaks into my bank account, the contents aren't a large percentage of total net worth.

Each to their own; interesting to see folks share their takes on this and specific approaches.

 

[GTFan]

I don’t have a particularly informed opinion on the additional risk (though I always upgrade before my phone stops getting security updates), I just want to suggest that 2 new flagship phones isn’t your only option. If you’re happy with the performance of a 3 year old phone then the flagship might be wasted on you anyway. Instead, even at list price, 2 Pixel 5As (for example) would be half that and still give you a performance/feature update along with a few years of Android and security updates.

Agreed, paying $1k for a flagship phone these days is silly IMO. Any 1-2 year old former flagship is easily 50% or more less than MSRP and there's not enough difference to matter now. I just retired my Samsung Note8 and bought an S10 Lite from a seller on swappa.com - paid something like $250 for it and it was a $600 phone a year and a half ago. Great upgrade for me - has a huge OLED screen, two or more days of battery life and more RAM/storage than I need. Plenty fast enough too, runs Android 11 gets all the updates etc. Disabled all the Samsung, Facebook etc. cruft and it runs great.

There's no need to stay on the latest and greatest phone treadmill.

 

[easysurfer]

Agreed, paying $1k for a flagship phone these days is silly IMO. Any 1-year old former flagship is easily 50% or more less than MSRP and there's not enough difference to matter now. I just retired my Samsung Note8 and bought an S10 Lite from a seller on swappa.com - paid something like $250 for it and it was a $600 phone a year and a half ago. Great upgrade for me.

I'm still licking my wounds for having to fork over $40 for a refurbished cheapo phone .

 

[OmegaDog]

Still using my Galaxy S5. Works fine. I won't upgrade until I can't use my old phone.

 

[ArmchairMillionaire23]

Each to their own; interesting to see folks share their takes on this and specific approaches.

A monthly payment on a phone
We just bought our most expensive phone ever this summer at a flea market.

We paid $65 for it but it was missing the microphone disc in the handset so we had to spend another $10 at an antique shop for a 'parts phone' to make it functional. Our first two rotary phones cost us $12 apiece. They were both black. One's mounted on the wall in the kitchen and the other's on the nightstand in the bedroom. We also paid $24 for a cool red rotary phone we keep on the desk in the office.

We might move the black one from the bedroom to the spare bedroom so we can use the turquoise one in the main bedroom.

At least we don't have to worry about security updates as most of them are 50+ years old and still work just fine.

 

[CyclingInvestor]

Regardless of security updates, I assume that my phone will be lost or stolen at some point -- hence vulnerable. So there is s little as possible on the phone that creates any risk for me. No banking or financial apps or information, no brokerage info. Not even the names or phone numbers of the banks and brokers. There is credit card information buried in there somewhere in order to buy apps; AFIK that is my only point of possible compromise and the card protections apply. The contact list on my phone is strictly limited to a necessary few and it is cleaned periodically to remove names that I no longer need. My calendar is vulnerable in some sense,but really contains almost no critical information.

Vendor security is fine, but I don't count on it for much.

+1. I keep phones til I crack the screen, so I am only on my 3rd - a Blackberry, an S2, now an S9+.

 

[FIREarly]

Yes, this happened to me with a Google Pixel 2XL DW gave me so she can get a new phone. We didn't n ow about the end of life for it.

Either way, yes, if you login to virtually anything, and we all do, security settings are updated to prevent hacks that are discovered among many other things.

For your own sake, it's a good idea and your choice.

 

[ERD50]

A monthly payment on a phone
...

...

Back when those were common, the only way you could have them was by way of a monthly payment. And it never ended. Ma Bell owned it, you rented it.

And don't you dare buy one on the black market and hook it up as an extension - Ma Bell will detect the increased ringer current and force you to disconnect it - you'll need to pay the fee for an extension. I think people disconnected the ringer on the second phone to circumvent Ma Bell's snooping.

-ERD50

 

[RobbieB]

I just got a Google Pixel 4A. Because my Pixel only did 3G. AT&T dropped 3G, Pixel no work no more.

When your phone doesn't work anymore, time for a new phone.

 

[Out-to-Lunch]

Back when those were common, the only way you could have them was by way of a monthly payment. And it never ended. Ma Bell owned it, you rented it.

Unless your father worked for Ma Bell and he stole it! (Or so I have heard.... )