Urgent warning for MILLIONS of Android phone owners – you must delete dangerous apps that steal your banking logins

By | 09/09/2022

Over fourth dimension, Android and Apple’s iOS take evolved to keep up with new security threats that put your personal information at risk. But if you’re still using a smartphone that’s been left backside past the manufacturer, you’re a much easier target.

Without important security patches, hackers can exploit vulnerabilities in a phone’due south software – and the risks increment the longer it is out of the update cycle. Equally such it’s important to non merely find out if your current phone is still supported, merely know how long you tin can wait a phone you’re looking to buy to receive updates.

Some Android phones stop receiving security updates after only two years. Apple iPhones last longer, at 5 to six, but later on these timescales there’s an increased risk to using the device.

Our phone support figurer below, and advice on smartphone best practice, tin can help.


  • You tin also cheque the tech specs section in our
    mobile phone reviews
    to come across security update information for every phone we test.
  • Looking for antivirus? Read our

    guide to the best gratuitous and paid antivirus software

    .

Video: is your telephone at run a risk?

Find out more than about mobile phones and the importance of security updates.

Which? phone support calculator

Employ the search box beneath to find out if the telephone you own is notwithstanding supported, or how long you tin wait back up for with a phone you’re looking to buy.

What to practise if your phone is no longer supported

If you’re using a phone that’south no longer existence updated, you should consider upgrading. The good news is this needn’t be expensive. Our tests include All-time Buys for nether £250, and solid alternatives for fifty-fifty less. Cheque the links below to assist observe your adjacent mobile phone.

  • Honey a bargain? Check the

    best mobile phone and Sim-only deals.
  • Read our guide to the

    best mobile phones
    , along with expert buying advice.
  • Or you can browse all our
    mobile phone reviews.

Until yous are able to upgrade, follow the advice below to help mitigate the risks.


Tech tips you can trust –
go our free Tech newsletter for advice, news, deals and stuff the manuals don’t tell y’all.


Avoid apps from unofficial app stores

Google and Apple test every app before it’due south allowed into the Play Store or App store. However, you might be tempted to install apps from outside these stores from time to time, using a process called ‘sideloading’ – allowing apps Google hasn’t verified to be installed onto your telephone.

While there’s less risk of doing this with apps produced past established developers, the problem with many other unverified apps is that it’s often difficult to tell how legitimate they are, or if they could be hiding malware designed to compromise your device.

There’s another notable chance of downloading from unofficial stores – lookalike apps. These are created to look exactly similar a legitimate app, but are actually copycats that could contain malware or bombard you lot with advertising.

Quite only, avoid installing apps that aren’t on official stores – which shouldn’t be too difficult given the wide choice available.

Be selective with apps you lot download

There’due south a seemingly endless array of apps available to download and apply, but while information technology is appropriate to stick to the official app store, it’s not a magic bullet.

Apps that contain malware practise occasionally brand their way onto official stores and are ordinarily detected and removed by Apple or Google, just that’s not much condolement to those who have already downloaded them.

There’s no difficult and fast rule on apps to avoid, just they often take the form of accessories or customisation tools – think free wallpapers, video or photo editors, file managers, games and tools like a QR reader or flashlight.

If you lot’re looking for an app similar this, try and stick to those with plenty of reviews, that have been around for a while, and are from a reputable developer. All of this information should be available in the detailed app data on the store.

Y’all should besides try to avoid hoarding apps – if you lot’re non using one, delete it.

Manage your app permissions

App permissions control what parts of your phone an app is allowed to access – such as using your location to pinpoint your position on a map. Some apps have been known to ask for a few besides many privileges, withal. Select ane of the options below to find out more about each permission.

One mutual way that illegitimate apps could create havoc on a mobile telephone is through abusing these permissions. For example, a form of malware called Joker or ‘Bread’ was found on seemingly innocent apps relating to, amidst other things, photo enhancement or wallpapers for your phone. The app would ask for potentially dangerous permissions, such as access to your location, contacts, telephone call logs or text messages. Information technology could and so subscribe to a premium service and automatically confirm payments past intercepting an SMS message, adding recurring charges to a user’south telephone beak.

In this case, a user may well have questioned why an app that’due south simply offering a range of new wallpapers or screensavers for a phone would need access to their contacts or text letters. If you download an app that’s requesting seemingly unrelated information, that’s a crimson flag. A basic calculator app shouldn’t be asking for permission to read your storage card or your microphone, for example. Tread carefully – a malicious app could utilise the permissions you’ve given it to alter your lock screen countersign and demand a fee to unlock it again.

Fortunately, improvements to Android and iOS take meant that you lot’re given far more intuitive command of app permissions – such every bit allowing location services to only exist used when the app is open. Permissions can likewise exist automatically disabled if you oasis’t used apps in a long fourth dimension.

But the fact that these are but available on newer operating systems only underlines the importance of ensuring your phone is withal getting regular updates.

Know how to recognise phishing attacks

Phishing is the act of pretending to exist a legitimate company to elicit valuable information, and it has now evolved to target smartphone users with increasingly clever tactics.

Smishing (phishing via text) and vishing (voice phishing that happens over the phone) have become popular ways to target mobile telephone users. A victim of smishing may receive a text message that appears to exist from their banking company, prompting them to call a number and paw over their secure account information to address an upshot with their account.

In our tests, we found vulnerabilities in the media libraries of older Android devices (specifically those running Android 5.1 and nether) that could be exploited by phishing attacks. These attacks transport media files to victims through MMS, or links in texts to malicious websites, to proceeds access to the device.

Crucially, it’s of import to know how to observe and avoid a phishing attempt

whichever form information technology takes. This is a common way in which malicious third parties can casualty on individuals, and often no caste of security software or updates can assist.

Fortunately it’s quite piece of cake to spot the alert signs with a bit of practice:

  • Mis-spelt URLs – check links by hovering over them, but don’t click them. Wait carefully, equally they tin can often look quite legitimate, eg world wide web.AM4ZON.com.
  • Sender email addresses. Even though the sender might appear as ‘Facebook’ or ‘Paypal’, wait advisedly at the bodily email address. It it doesn’t appear legitimate, be wary.
  • Be mindful of telltale signs in dodgy emails, such every bit poor grammer, logos that don’t look quite correct and vague titles similar ‘Beloved client’.
  • If you’re concerned and want to double-check, log into the website in question through the visitor’due south official web accost, or telephone call them to confirm the effect.

Some vulnerabilities can be due to weaknesses in an  operating system, and Google does address issues with Android upgrades and security patches. However, phishing attacks take become so sophisticated that learning how to detect and avert an attempt yourself remains the best defence.

Consider antivirus apps

Fifty-fifty though Google Play Protect acts as protection against malware, you should nevertheless consider installing third-political party security software, specially if your phone is no longer receiving security updates.

In the same way that antivirus software works for your computer, antivirus apps for your mobile telephone are a cheap, and sometimes free, way to protect your telephone. It can assistance to continue your personal data safe by scanning for malware and alerting you of whatsoever problems, including if you are visiting unsafe websites or if you download malicious apps.

By ensuring that you are diligently installing security updates and using antivirus software, you’re increasing your protection against whatsoever potential threats.

It’s important to note that if you’re using Android version 4.1 or below, you will accept trouble finding security apps that are compatible with your mobile phone. In this case, as these phones will no longer be receiving security updates either, you should seriously consider upgrading.

Read more than about antivirus software and why information technology’s important in our guide to the

Best mobile antivirus software
.

How to check your telephone operating system version

How to cheque OS version on Android

Equally stated, the risk of using an older device mostly increases the older information technology is. Mobile phones running a version of Android 6 and earlier.

Information technology’s fairly like shooting fish in a barrel to bank check which version of Android yous’re using, although information technology does vary by device.

  • Open the main ‘Settings’ menu on the phone.
  • Look for an entry that reads ‘Nearly phone’ or similar, typically near the lesser of the card.
  • You should see an entry that reads ‘Android version’, followed by a number. If you’re a Samsung user, click ‘Software information’ to meet this entry.

Alternatively, you lot could search for ‘Android’ or ‘Android version’ in the search bar of the Settings menu.

The nearly contempo version is Android 12. If you’re non running this version yous’re non necessarily at risk, but the older the version, the greater the need to consider upgrading your phone. And of grade, the more than important to follow the advice in this guide.

How to check Bone version on iOS

  • Open up the Settings menu.
  • Choose ‘General’.
  • Tap ‘About’, where y’all can see the iOS version.
  • Alternatively, choose ‘Software update’ to come across the iOS version, and also check to see whether whatever updates are bachelor.

The most recent version of iOS is version xv. However, earlier versions may still be refreshed with security updates to assistance support older phones. If your iPhone is running iOS 11 or earlier, you should consider upgrading the device.

Are iPhones safer than Android phones?

Unlike Android, which is used by a number of manufacturers, iOS is a closed operating arrangement. Apple doesn’t share its source code with app developers or users of its products, so in that location’southward a lower hazard of attackers finding vulnerabilities in its system. For that reason, many believe that iOS is a safer operating system.

Regardless, there’s no fashion to exist completely safe, even if you do own an Apple telephone – then you lot should similarly consider the risks of using devices that are no longer supported.

Which Apple smartphones are a security risk?

The iPhone 6 and earlier are no longer receiving security updates. If yous’re using whatsoever of the smartphones below or ones released earlier, you should look to invest in a new model.

  • Apple tree iPhone half-dozen (September 2014)
  • Apple iPhone 5 (September 2012)
  • Apple iPhone 4S (October 2011)
  • Apple iPhone 4 (September 2010)

Which brands support their smartphones for longest?

Currently there are no laws on how long brands have to back up their phones for, or how much they have to tell you lot at the point of sale. This makes it tricky to know exactly what yous’re ownership into when you choose a new telephone.

However, through enquiry on the information brands do share, and the length of updates for their older handsets, we’re able to appraise brands on how long their typical update cycles are and how transparent they are with their customers.

Apple iPhone support durations

  • Typical support duration: 5-6 years
  • Clearly labels unsupported phones? No
  • Popular handsets that are no longer supported: iPhone 6 and beneath

Apple consistently leads the line when it comes to software support – the closed ecosystem of Apple products means it is able to retain greater control over devices like iPhones. Although its official update policy is five years, in practice it’s often beaten this. The Apple iPhone 6s, launched in 2015, is still on the latest iOS version.

Read our
Apple iPhone reviews
to find your perfect model.

Samsung mobile phone support durations

  • Typical support duration: 2-v years
  • Clearly labels unsupported phones? No
  • Popular handsets that are no longer supported: Samsung Galaxy S9 and before, Samsung Galaxy A6

Samsung has announced that Galaxy S and Z handsets released from 2021 and upcoming A series phones from 2022 will now receive five years’ worth of back up, putting information technology in the atomic number 82 for brands on Android. Nearly others volition receive 4 years, nevertheless, some cheaper models, like the Milky way A6, have been known to only have two years’ worth of support before dropping off the update bike.

Samsung has a wide range of models across all budgets – our
Samsung mobile phone reviews
will assist y’all pick i that lasts.

Google mobile phone back up durations

  • Typical support duration: 3-5 years
  • Clearly labels unsupported phones? Yeah
  • Popular handsets that are no longer supported: Google Pixel ii, Google Pixel Twoscore, Google Pixel 3

Google doesn’t quite crush Samsung for length of update cycle, simply it is does at least take a consistent, transparent policy that lets consumers know exactly how long their Pixel phone volition exist supported. The Google Pixel 6 and Pixel 6 Pro are the only phones that currently receive v years of security support.

Read our
Google Pixel phone reviews
to see how long you’ll get back up for on primal models.

OnePlus mobile phone support durations

  • Typical back up elapsing: three-iv years
  • Clearly labels unsupported phones? Aye
  • Popular handsets that are no longer supported: OnePlus seven

OnePlus’ official update policy is three years, and in practice it’s been known to beat out this (the OnePlus v, launched in June 2017, received an update in December 2020). However, two of its cheaper phones launched in 2020, the OnePlus Nord N10 5G and the OnePlus N100, have simply been guaranteed two years’ worth of updates. Unfortunately, it’s an example of how brands tin can change their support policies when they choose.

Our
reviews of OnePlus phones
volition help you pick a acme performer that goes the distance.

Motorola mobile phone support durations

  • Typical support duration: 2-3 years
  • Conspicuously labels unsupported phones? Aye
  • Popular handsets that are no longer supported: Motorola Moto G6, Motorola One Macro

Motorola clearly shows when each of its phones volition run out of support, making information technology one of the few brands to brand this crucial data attainable to its customers. 2 years of updates from launch doesn’t give yous a lot of use out of your phone though, particularly if yous want to become information technology on a two-year contract. A selection of its handsets, like the Motorola I Action, are part of the Android 1 programme, and will exist supported for three years.

Find out which of Motorola’southward budget-friendly phones impressed with our
Motorola telephone reviews.

Xiaomi mobile phone back up durations

  • Typical support duration: 2-4 years
  • Clearly labels unsupported phones? No
  • Pop handsets that are no longer supported: Xiaomi Redmi 6A, Xiaomi Mi 8

Information technology’south not hard to meet why Xiaomi phones are popular, with their impressive specs and features, and some of the cheapest 5G handsets you can purchase. However, unless y’all’re happy to pay for the nearly expensive models with four years of updates, it’s probably not a make to invest in if you lot want a phone that will terminal. It’south hard to clearly run into which phones aren’t supported, and ‘the initial ii year timeframe is subject to change depending on the regions and models’.

See our
Xiaomi mobile phone reviews
to observe out if any can rival pricier rivals.

Mobile phone security main image padlock on mobile 464790

Which? calls for more transparency around security updates

The Section for Digital, Culture, Media & Sport has proposed new laws for the security of smart devices. If passed, brands would be required to land at the point of sale how long you can await your phone to receive security updates.

Which? is calling for the government to push ahead with this planned legislation, and dorsum information technology up with strong enforcement. Just while these measures will bring some level of transparency for consumers, we call back manufacturers could do more to lengthen the security lifespans of devices and assistance to protect the environment from unnecessary e-waste product.

At a minimum, we want manufacturers to provide:

  • At least five years of software and security updates across all their devices from point of release, regardless of popularity or cost.
  • In-device notifications about when update support will cease, so that consumers can make more informed decisions near next steps.
  • More regular update back up from when manufacturers are first made enlightened of patches, peculiarly for those using the Android operating system.
  • Greater clarity well-nigh actual updates policies at time of purchase, and on a publicly available website, and so consumers are fully informed near update provision earlier they purchase.

If manufacturers fail to provide adequate and transparent update back up then the government volition need to arbitrate in the interests of smartphone users.

If you’re looking to upgrade a telephone, read our guide to the

best mobile phones


for practiced tips and buying advice.

Source: https://www.which.co.uk/reviews/mobile-phones/article/mobile-phone-security-is-it-safe-to-use-an-old-phone-a6uXf1w6PvEN