When does an old smartphone become unsafe to use.

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
Rdytoretire
Posts: 443
Joined: Mon Mar 25, 2019 6:23 pm

When does an old smartphone become unsafe to use.

Post by Rdytoretire »

I did a quick search of the forum and could not find any threads that specifically addressed this issue.

I purchased a Google Pixel 3 two years ago. My understanding is that since the phone has been out for three years it will no longer be supported for updates beginning October 2021. I hope to keep my phone at least a couple more years. Will my phone be unsafe to use?
.
I would think there are many Android and i phones in use that are no longer being supported for updates They may even outnumber supported phones. I have not read or heard about peoples phones being hacked.

How unsafe is not getting updates?
Does it matter how you use your phone?
Is there anything I can do to help make an old phone more secure?

I know some of you would say just get an i phone because they are supported longer, but I like my Android phones. I'm wondering what Bogleheads take is on this issue.

https://www.tomsguide.com/us/old-phones ... 24846.html
dukeblue219
Posts: 4074
Joined: Fri Jan 29, 2016 11:40 am

Re: When does an old smartphone become unsafe to use.

Post by dukeblue219 »

Most people don't know their device has been compromised. They just wonder why they have weird popups, slow battery life, and why their email app suddenly looks different. It wouldn't get published that someone was "hacked" because it's usually not that newsworthy until we read about a large botnet or something that launches a coordinated attack using millions of compromised thermostats or smartphones.

Its more of an issue on Android given the tendency of Android users to download apps from random links, but there are rogue IOS apps as well that get onto the app store.

Your Pixel 3 won't suddenly become unsafe per se. Extremely critical vulnerabilities will likely still get patches but it won't be guaranteed. I recently moved from Pixel 3 to Pixel 5 and am loving the battery life. It's noon and I'm at 86% remaining where my Pixel 3 would have been below 50% for the same usage.
User avatar
jhfenton
Posts: 4754
Joined: Sat Feb 07, 2015 10:17 am
Location: Ohio

Re: When does an old smartphone become unsafe to use.

Post by jhfenton »

Rdytoretire wrote: Mon Oct 25, 2021 10:59 am I did a quick search of the forum and could not find any threads that specifically addressed this issue.

I purchased a Google Pixel 3 two years ago. My understanding is that since the phone has been out for three years it will no longer be supported for updates beginning October 2021. I hope to keep my phone at least a couple more years. Will my phone be unsafe to use?
.
I would think there are many Android and i phones in use that are no longer being supported for updates They may even outnumber supported phones. I have not read or heard about peoples phones being hacked.

How unsafe is not getting updates?
Does it matter how you use your phone?
Is there anything I can do to help make an old phone more secure?

I know some of you would say just get an i phone because they are supported longer, but I like my Android phones. I'm wondering what Bogleheads take is on this issue.

https://www.tomsguide.com/us/old-phones ... 24846.html
I would suggest getting an iPhone because they are supported longer. :mrgreen: Contary to what that Toms Guide post predicted, the iPhone 6s released in 2015 is still supported for the latest iOS 15 released last month. (My old iPad Air 2 released in 2014 also received the latest iPadOS 15 update.)

I probably wouldn't rely on a phone more than a year after its OS stopped being supported. Eventually you won't be able to run the latest versions of apps either, as those are updated to require the latest OS. The risks would depend on what you do on the phone. If you call, text, and passively surf the web, the risks will be low. If you use payment apps, banking apps, etc., I'd be more wary on relying on unsupported software. (Although the risks would probably still be low.)
kada
Posts: 60
Joined: Sat Jan 09, 2021 1:23 pm

Re: When does an old smartphone become unsafe to use.

Post by kada »

I just bought a Pixel 6. I am rocking my 2XL still. I am updating mainly because apps are more prone to crash now than even a year ago. Also the Pixel 6 gets 5 years of security updates. Just 3 years of android updates (hopefully google expands this to 5 but no guarantees). If I were you I'd wait for the 7. Getting a solid phone every 4 years is a good frequency IMO.

Edit: realized I didn't answer your questions. You will be fine until you are not. I took a risk by using an unprotected phone but I do use a VPN and block trackers etc.
HawkeyePierce
Posts: 2352
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: When does an old smartphone become unsafe to use.

Post by HawkeyePierce »

If your phone is no longer getting security updates, you should replace it.
Topic Author
Rdytoretire
Posts: 443
Joined: Mon Mar 25, 2019 6:23 pm

Re: When does an old smartphone become unsafe to use.

Post by Rdytoretire »

I appreciate the replies. I would think there are many phones currently in use that are no longer receiving security updates. Many people get new phones every 2-3 years but probably just as many may be using old phones that no longer get updates. A good Boglehead keeps their phones a long time just like they do their automobiles. :D Is purchasing a new phone every 3 years for those who also wear a belt and suspenders?

As far as apps not working properly are most apps updated that frequently that that becomes an issue in 2-3 years?
User avatar
quantAndHold
Posts: 10141
Joined: Thu Sep 17, 2015 10:39 pm
Location: West Coast

Re: When does an old smartphone become unsafe to use.

Post by quantAndHold »

Your phone will be fine until it isn’t, and you won’t know when it isn’t. The person above who is experiencing app “crashes”…this is often a symptom of a hack. I would smash that phone with a hammer, and change the passwords of any account that’s ever been attached to it.

Seriously, in today’s world, once the phone stops getting security updates, it’s toast. You can use it to play music, but it is not safe to use on the internet, no matter whether all the other kids in the class are still using theirs or not.
User avatar
quantAndHold
Posts: 10141
Joined: Thu Sep 17, 2015 10:39 pm
Location: West Coast

Re: When does an old smartphone become unsafe to use.

Post by quantAndHold »

And if you want to keep your phones for longer, get an iPhone. They get updates longer than android.
dukeblue219
Posts: 4074
Joined: Fri Jan 29, 2016 11:40 am

Re: When does an old smartphone become unsafe to use.

Post by dukeblue219 »

Rdytoretire wrote: Mon Oct 25, 2021 6:23 pm I appreciate the replies. I would think there are many phones currently in use that are no longer receiving security updates.
Absolutely true.

Most people also have a single shared login to Windows, use Password123 as their password for everything, and leave their cars unlocked. Doesn't mean it's wise!
Topic Author
Rdytoretire
Posts: 443
Joined: Mon Mar 25, 2019 6:23 pm

Re: When does an old smartphone become unsafe to use.

Post by Rdytoretire »

I believe Google was still selling Pixel 3's up unit about 12 months ago. Seems odd that they would sell a phone that may be unsafe in 12 months. Maybe that is just the nature of the business but that does not make sense for the consumer or Google.



[/quote]

Absolutely true.

Most people also have a single shared login to Windows, use Password123 as their password for everything, and leave their cars unlocked. Doesn't mean it's wise!
[/quote]

Those things are easy to avoid and cost nothing. Getting a new phone every 3 years that's something else.
Last edited by Rdytoretire on Mon Oct 25, 2021 7:11 pm, edited 1 time in total.
Trader Joe
Posts: 2697
Joined: Fri Apr 25, 2014 6:38 pm

Re: When does an old smartphone become unsafe to use.

Post by Trader Joe »

Rdytoretire wrote: Mon Oct 25, 2021 10:59 am I did a quick search of the forum and could not find any threads that specifically addressed this issue.

I purchased a Google Pixel 3 two years ago. My understanding is that since the phone has been out for three years it will no longer be supported for updates beginning October 2021. I hope to keep my phone at least a couple more years. Will my phone be unsafe to use?
.
I would think there are many Android and i phones in use that are no longer being supported for updates They may even outnumber supported phones. I have not read or heard about peoples phones being hacked.

How unsafe is not getting updates?
Does it matter how you use your phone?
Is there anything I can do to help make an old phone more secure?

I know some of you would say just get an i phone because they are supported longer, but I like my Android phones. I'm wondering what Bogleheads take is on this issue.

https://www.tomsguide.com/us/old-phones ... 24846.html
They never become unsafe.

Now, if you have a phone that only uses 3G you should upgrade that phone to one that uses 4G asap.
shelanman
Posts: 661
Joined: Tue Feb 27, 2007 7:35 pm

Re: When does an old smartphone become unsafe to use.

Post by shelanman »

From a security perspective, your phone will become unsafe immediately after the first discovery of a security vulnerability for which you are not going to get a patch/update.

That will probably happen sometime between 90 days and 1 year after your last OS update, but it could happen sooner or it could happen later.

It gets worse over time both because more vulnerabilities will be discovered and also because the already-discovered ones will be more well known and tools for exploiting them will become easier to use.

It takes a sophisticated hacker to find a new vulnerability and figure out how to exploit it. But any old script kiddie can pwn your device just for giggles once the attack has been reduced to simple tooling
HawkeyePierce
Posts: 2352
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: When does an old smartphone become unsafe to use.

Post by HawkeyePierce »

Trader Joe wrote: Mon Oct 25, 2021 7:11 pm
Rdytoretire wrote: Mon Oct 25, 2021 10:59 am I did a quick search of the forum and could not find any threads that specifically addressed this issue.

I purchased a Google Pixel 3 two years ago. My understanding is that since the phone has been out for three years it will no longer be supported for updates beginning October 2021. I hope to keep my phone at least a couple more years. Will my phone be unsafe to use?
.
I would think there are many Android and i phones in use that are no longer being supported for updates They may even outnumber supported phones. I have not read or heard about peoples phones being hacked.

How unsafe is not getting updates?
Does it matter how you use your phone?
Is there anything I can do to help make an old phone more secure?

I know some of you would say just get an i phone because they are supported longer, but I like my Android phones. I'm wondering what Bogleheads take is on this issue.

https://www.tomsguide.com/us/old-phones ... 24846.html
They never become unsafe.

Now, if you have a phone that only uses 3G you should upgrade that phone to one that uses 4G asap.
That's not true. Critical vulnerabilities can be discovered at any time.
YeahBuddy
Posts: 2503
Joined: Tue Oct 31, 2017 12:55 pm

Re: When does an old smartphone become unsafe to use.

Post by YeahBuddy »

I think it depends what you do on your smartphone. For me, I do everything on my phone (IE banks, investment accounts, work, notes with all my user names and passwords, etc). If you're anything like me, you're looking for the safest options. My iPhone 13 pro max will be delivered tomorrow. If you're like my dad or uncles, you use your flip phone or jitterbug to make/ receive a call or two a day, check the time, calendar, and that's it. Also my kids have 5+ year old phones which they use just to face time or text their friends. In the latter cases it doesn't matter.

I just upgraded my laptop (2012 MacBook Pro) to a new one (2020 Macbook air) for this exact reason. When it's not supported anymore, your personal information is no longer safe. Decide where you fall in this discussion and upgrade as needed.
Light weight baby!
namajones
Posts: 778
Joined: Sat Aug 08, 2020 12:41 pm

Re: When does an old smartphone become unsafe to use.

Post by namajones »

I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
calwatch
Posts: 1447
Joined: Wed Oct 02, 2013 1:48 am

Re: When does an old smartphone become unsafe to use.

Post by calwatch »

namajones wrote: Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Theoretically, they could hijack your phone and use it in a distributed denial of service attack, using up your data. You would probably recognize it by it quickly draining your battery life. That's about all the risk, if you don't store passwords or log in to personal information sites on the phone. I have an old iPad I use for pictures, videos, and social media and I don't have any banking apps or log in to web sites with personal information on it. It is several iOS updates behind but that's fine.
dukeblue219
Posts: 4074
Joined: Fri Jan 29, 2016 11:40 am

Re: When does an old smartphone become unsafe to use.

Post by dukeblue219 »

namajones wrote: Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Do you have any services which text you for 2FA, even just as a backup?
namajones
Posts: 778
Joined: Sat Aug 08, 2020 12:41 pm

Re: When does an old smartphone become unsafe to use.

Post by namajones »

dukeblue219 wrote: Tue Oct 26, 2021 2:23 pm
namajones wrote: Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Do you have any services which text you for 2FA, even just as a backup?
2FA? Is that English?
sycamore
Posts: 6360
Joined: Tue May 08, 2018 12:06 pm

Re: When does an old smartphone become unsafe to use.

Post by sycamore »

namajones wrote: Tue Oct 26, 2021 2:53 pm
dukeblue219 wrote: Tue Oct 26, 2021 2:23 pm
namajones wrote: Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Do you have any services which text you for 2FA, even just as a backup?
2FA? Is that English?
More American than anything else but nationality aside, it's an acronym meaning "Two Factor Authentication."
cacophony
Posts: 1363
Joined: Tue Oct 16, 2007 9:12 pm

Re: When does an old smartphone become unsafe to use.

Post by cacophony »

The risk level likely depends on what you're doing. If you only use a handful of well established apps and sites, the chances are probably low that anything would happen.

But if you're concerned, maybe this is an option? https://lineageos.org/
(I have no experience with it; just found it after doing a google search)
Last edited by cacophony on Tue Oct 26, 2021 10:37 pm, edited 1 time in total.
treadonme
Posts: 21
Joined: Sun Jul 18, 2021 8:26 pm

Re: When does an old smartphone become unsafe to use.

Post by treadonme »

A few seconds before exploding :shock:
As an avid old phone user following replies though
FlyingMoose
Posts: 630
Joined: Wed Mar 04, 2009 9:48 pm

Re: When does an old smartphone become unsafe to use.

Post by FlyingMoose »

When it’s all split open and bulged because the battery swelled up so much, it might be unsafe.
User avatar
thriftynick
Posts: 81
Joined: Fri Nov 26, 2010 4:29 pm

Re: When does an old smartphone become unsafe to use.

Post by thriftynick »

I use a Pixel 3a and plan on continuing using it past the end of security updates, unless a really good deal on a new phone presents itself. Just don't click on any strange e-mail links, or browse any questionable websites and you should be fine.
Alchemist
Posts: 638
Joined: Sat Aug 30, 2014 6:35 am

Re: When does an old smartphone become unsafe to use.

Post by Alchemist »

calwatch wrote: Tue Oct 26, 2021 2:03 pm
namajones wrote: Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Theoretically, they could hijack your phone and use it in a distributed denial of service attack, using up your data. You would probably recognize it by it quickly draining your battery life. That's about all the risk, if you don't store passwords or log in to personal information sites on the phone. I have an old iPad I use for pictures, videos, and social media and I don't have any banking apps or log in to web sites with personal information on it. It is several iOS updates behind but that's fine.
Actually it could be a bit worse than that. If the compromised device is also connected to home wifi it could infect other devices on the network like a primary computer.

There are plenty of real world examples of financial accounts being compromised by malware. Many identity thieves use malware to get the information they use to steal people's identity/hijack accounts.
Blue456
Posts: 2152
Joined: Tue Jun 04, 2019 5:46 am

Re: When does an old smartphone become unsafe to use.

Post by Blue456 »

HawkeyePierce wrote: Mon Oct 25, 2021 3:49 pm If your phone is no longer getting security updates, you should replace it.
+1, I wouldn't wait much longer than a couple of weeks.
User avatar
quantAndHold
Posts: 10141
Joined: Thu Sep 17, 2015 10:39 pm
Location: West Coast

Re: When does an old smartphone become unsafe to use.

Post by quantAndHold »

namajones wrote: Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Once they get into your phone, they can use the phone as a launchpad to get into your entire home network, including the computer you do all your banking on.

If they’re in your phone, they can also hijack your password reset emails, without you ever knowing, reset all your passwords, and have a party in your accounts.
calwatch
Posts: 1447
Joined: Wed Oct 02, 2013 1:48 am

Re: When does an old smartphone become unsafe to use.

Post by calwatch »

quantAndHold wrote: Thu Oct 28, 2021 10:08 am
namajones wrote: Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Once they get into your phone, they can use the phone as a launchpad to get into your entire home network, including the computer you do all your banking on.

If they’re in your phone, they can also hijack your password reset emails, without you ever knowing, reset all your passwords, and have a party in your accounts.
I don't think that's the case, otherwise every public wifi point would be a vector for attacks, and they aren't. And a password reset email, especially for banking, requires more than just the email but also some information that only you would know. If you are comfortable connecting your account with Mint or storing passwords on Google or another password keeper service, I wouldn't worry much about an un-updated phone somehow hacking other computers protected by their own firewalls.
prioritarian
Posts: 485
Joined: Tue Jul 16, 2019 6:00 pm

Re: When does an old smartphone become unsafe to use.

Post by prioritarian »

calwatch wrote: Thu Oct 28, 2021 11:27 am If you are comfortable connecting your account with Mint or storing passwords on Google or another password keeper service, I wouldn't worry much about an un-updated phone somehow hacking other computers protected by their own firewalls.
If someone gains access to your android phone they likely also have access to your google account and all stored passwords.

See for yourself if you have an android phone: Android Chrome:Settings:Passwords.

I assume that the same is true for an iPhone (but I've not used an apple device since the late 80s).
User avatar
quantAndHold
Posts: 10141
Joined: Thu Sep 17, 2015 10:39 pm
Location: West Coast

Re: When does an old smartphone become unsafe to use.

Post by quantAndHold »

calwatch wrote: Thu Oct 28, 2021 11:27 am
quantAndHold wrote: Thu Oct 28, 2021 10:08 am
namajones wrote: Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Once they get into your phone, they can use the phone as a launchpad to get into your entire home network, including the computer you do all your banking on.

If they’re in your phone, they can also hijack your password reset emails, without you ever knowing, reset all your passwords, and have a party in your accounts.
I don't think that's the case, otherwise every public wifi point would be a vector for attacks, and they aren't. And a password reset email, especially for banking, requires more than just the email but also some information that only you would know. If you are comfortable connecting your account with Mint or storing passwords on Google or another password keeper service, I wouldn't worry much about an un-updated phone somehow hacking other computers protected by their own firewalls.
You misunderstand. Public wifi is not a vector from your phone to a laptop that’s sitting at home. But your home network is.

I agree, getting into someone’s bank account from a compromised phone is currently a nontrivial, multi step process. Using the technology available to today’s attackers, it would need to be a targeted attack by a fairly sophisticated hacker. The problem with saying the attack is too hard to be viable is that attack technology is always advancing, and what’s hard to do today will be a software package that a 20 year old in Estonia can buy next year. The person with the out of date phone probably also probably has a poorly protected home network, an out of date laptop, and never bothered to set up any of the advanced security features on their accounts. It’s completely plausible that someone could develop a software package to take advantage of that situation. I mean, that’s what’s going on with the ransomware attacks right now. You can go onto the dark web and buy a software package to pwn your local hospital.

There is already an iPhone attack where you don’t even have to click links on the text message. You just have to open the message. If you haven’t updated your iPhone software in the past six weeks or so, you’re a sitting duck for that one.
increment
Posts: 1736
Joined: Tue May 15, 2018 2:20 pm

Re: When does an old smartphone become unsafe to use.

Post by increment »

quantAndHold wrote: Thu Oct 28, 2021 2:47 pm There is already an iPhone attack where you don’t even have to click links on the text message. You just have to open the message. If you haven’t updated your iPhone software in the past six weeks or so, you’re a sitting duck for that one.
In this class of attacks, you don't even have to open the message. The iPhone Messages app processes the harmful message as soon as it reaches the phone, so it can be compromised even before the human knows that something has been received.
Topic Author
Rdytoretire
Posts: 443
Joined: Mon Mar 25, 2019 6:23 pm

Re: When does an old smartphone become unsafe to use.

Post by Rdytoretire »

I appreciate the responses to this thread. I think that it's possible that 30-50% of phones being used no longer get updates. There is no shortage of people who don't upgrade their Android phones every 3 years. Wondering why we don't hear about those hacked phones? Seems like it's not very common.

To those that say that people who have phones that are not updated also do not care about the security of their laptops or other systems. Those don't generally become unsafe in 3 years.

I have know people who are on the other end of the spectrum, They would not direct deposit their paychecks because of fears of "hacking" so they would go to the bank every two weeks instead. Is there a happy medium between being alarmist and not being concerned at all?
finite_difference
Posts: 3633
Joined: Thu Jul 09, 2015 7:00 pm

Re: When does an old smartphone become unsafe to use.

Post by finite_difference »

HawkeyePierce wrote: Mon Oct 25, 2021 3:49 pm If your phone is no longer getting security updates, you should replace it.
+1.
The most precious gift we can offer anyone is our attention. - Thich Nhat Hanh
User avatar
quantAndHold
Posts: 10141
Joined: Thu Sep 17, 2015 10:39 pm
Location: West Coast

Re: When does an old smartphone become unsafe to use.

Post by quantAndHold »

The average phone in the US is 25 months old, and iPhones, at least, generally get updates for 5+ years, so I suspect your estimate of how many out of date phones there are is wrong.

Anyway, it’s obvious that you’re looking for confirmation for something that you’ve already decided to do, so you’re probably going to do it regardless of what anyone says. But at least two cybersecurity professionals have posted in this thread telling you it’s a bad idea.

Being alarmist would be to not have a phone at all. But the happy medium definitely falls on the side of not using a phone that isn’t getting security updates.
Jason95357
Posts: 47
Joined: Mon Apr 27, 2020 12:01 pm

Re: When does an old smartphone become unsafe to use.

Post by Jason95357 »

Using any unpatched device on the internet is dangerous. Using one you actively use for surfing is very dangerous. A mitigating step you can take is to use a browser that is still getting updates once the stock Google Chrome no longer receives them.

Yes, it matters how you use you phone. If you surf "risky" websites you are more likely to run across malware and exploits. Pron and pirate movie download sites, etc. are not discriminating about who they take ads from. But even normal "clean" websites have ads and bag guys still manage to purchase ads from time to time in an effort to get your phone to load their malicious content.

If you use your phone for any financial reason or ever log into your bank, credit cards, financial investment accounts using it, very dangerous to not have I updated. Also consider how these same institutions verify you are you: usually via SMS text and/or email to your phone. It doesn't matter how good your password is when the bad guy can just use the reset password option and get the info from your compromised phone.

Just budget on getting a new phone every 3 to 5 years. Yes, the lastest Pixels just began offering security updates for 5 years to match Apple. However, the cost of these premium phones vs. a perfectly acceptable $200-250 "budget" phone isn't worth 2 extra years - stick with the 3 year budget model phones. I just upgraded my mom to a Moto G Stylus 2021 for $250 and it is more than adequate.

If your time isn't worth much, you can go with the LineageOS Android and basically reflash your phone to a version still getting updates. I did this as a hobby interest for a bit. It is time consuming, but fun to be able to have no junk apps and better control your phone.

https://wiki.lineageos.org/devices/blueline/

https://download.lineageos.org/blueline
Jason95357
Posts: 47
Joined: Mon Apr 27, 2020 12:01 pm

Re: When does an old smartphone become unsafe to use.

Post by Jason95357 »

Rdytoretire wrote: Mon Oct 25, 2021 7:08 pm I believe Google was still selling Pixel 3's up unit about 12 months ago. Seems odd that they would sell a phone that may be unsafe in 12 months. Maybe that is just the nature of the business but that does not make sense for the consumer or Google.
It doesn't matter when they last sold the phone. Their support model is based the models *first* release date. That first release date sets the beginning of the 3 year support timeframe for Android (and now 5 years of security updates for select premium Pixel models).

Moral of the story: don't buy phone models that came out two years ago.
Jason95357
Posts: 47
Joined: Mon Apr 27, 2020 12:01 pm

Re: When does an old smartphone become unsafe to use.

Post by Jason95357 »

shelanman wrote: Mon Oct 25, 2021 7:19 pm From a security perspective, your phone will become unsafe immediately after the first discovery of a security vulnerability for which you are not going to get a patch/update.

That will probably happen sometime between 90 days and 1 year after your last OS update, but it could happen sooner or it could happen later.

It gets worse over time both because more vulnerabilities will be discovered and also because the already-discovered ones will be more well known and tools for exploiting them will become easier to use.

It takes a sophisticated hacker to find a new vulnerability and figure out how to exploit it. But any old script kiddie can pwn your device just for giggles once the attack has been reduced to simple tooling
Security professional here:
The phone is already unsafe and vulnerabilities are already known by the most sophisticated criminal organizations. They just choose to sit on these for either high-value targets and/or to wait until the End of Support Date at which point these become "forever-day" vulnerabilities which will never be patched.

Vulnerabilities are like gold in the criminal underground. But if used "too soon" then they are squandered and will be patched and have less value for only a month or two cycle between security patch updates.

If you are a high income earner, you are a target. Even just being in a first world country you are a target for low-value exploits. If you have ever had a Linked-In account, you're probably on a list and ranked based on presumed value. Organized crime is very sophisticated these days. Time is money, and they want to spend their time on the highest value target with the highest rate of return.
Topic Author
Rdytoretire
Posts: 443
Joined: Mon Mar 25, 2019 6:23 pm

Re: When does an old smartphone become unsafe to use.

Post by Rdytoretire »

quantAndHold wrote: Sat Nov 06, 2021 10:00 am The average phone in the US is 25 months old, and iPhones, at least, generally get updates for 5+ years, so I suspect your estimate of how many out of date phones there are is wrong.

Anyway, it’s obvious that you’re looking for confirmation for something that you’ve already decided to do, so you’re probably going to do it regardless of what anyone says. But at least two cybersecurity professionals have posted in this thread telling you it’s a bad idea.

Being alarmist would be to not have a phone at all. But the happy medium definitely falls on the side of not using a phone that isn’t getting security updates.
Thanks for that. I am still considering what to do about my phone. If I did not care what anyone said I would not have bothered starting this thread. I am certainly taking the responses seriously. In the future if I purchase a high quality phone I will make sure it comes with at least 5 years of updates. The current Android model of updates for only 3 years seems wasteful. I understand technology advances quickly but most of the uses of a cellphone do not appear to require the latest and greatest. An example is 5G, what do I care if the phone takes 1-2 seconds longer to access a website.
User avatar
quantAndHold
Posts: 10141
Joined: Thu Sep 17, 2015 10:39 pm
Location: West Coast

Re: When does an old smartphone become unsafe to use.

Post by quantAndHold »

Rdytoretire wrote: Sat Nov 06, 2021 11:03 am
quantAndHold wrote: Sat Nov 06, 2021 10:00 am The average phone in the US is 25 months old, and iPhones, at least, generally get updates for 5+ years, so I suspect your estimate of how many out of date phones there are is wrong.

Anyway, it’s obvious that you’re looking for confirmation for something that you’ve already decided to do, so you’re probably going to do it regardless of what anyone says. But at least two cybersecurity professionals have posted in this thread telling you it’s a bad idea.

Being alarmist would be to not have a phone at all. But the happy medium definitely falls on the side of not using a phone that isn’t getting security updates.
Thanks for that. I am still considering what to do about my phone. If I did not care what anyone said I would not have bothered starting this thread. I am certainly taking the responses seriously. In the future if I purchase a high quality phone I will make sure it comes with at least 5 years of updates. The current Android model of updates for only 3 years seems wasteful. I understand technology advances quickly but most of the uses of a cellphone do not appear to require the latest and greatest. An example is 5G, what do I care if the phone takes 1-2 seconds longer to access a website.
I completely agree with you about the wastefulness of replacing a phone every couple of years. I have a 3 year old iPhone with a cracked screen, and I intend to keep it until it’s either not getting updates anymore, or until it completely falls apart physically (which seems the most likely thing right now). I personally think iPhones are a better deal because they’re supported longer. I just get the newest model and use it for as long as I can.
Seal the Deal
Posts: 218
Joined: Sat Jan 20, 2018 6:25 pm

Re: When does an old smartphone become unsafe to use.

Post by Seal the Deal »

LineageOS has been mentioned a few times up-thread. I recently installed this on a Moto G7 and have been impressed. It's a clean version of Android that gets security updates monthly. This is a good and free alternative to replacing a phone that you like and has outrun support.

I'd guess flashing a custom ROM onto a phone isn't for everyone, but I saw this as a learning opportunity and like to diy so I gave it a shot. I'm not exactly tech savvy, but the instructions on the Lineage wiki are pretty good and there are other guides on the web which helped. I first tried it on an old Moto G3 in case I screwed something up and bricked it. I struggled on a couple steps but got it to work after a couple hours. Running through the install on the G7 took about 45 minutes. Definitely a boglehead move.
Topic Author
Rdytoretire
Posts: 443
Joined: Mon Mar 25, 2019 6:23 pm

Re: When does an old smartphone become unsafe to use.

Post by Rdytoretire »

Thanks for the suggestion, Seal the Deal. I will probably give LineageOS a try. Like you, I enjoy learning and DIY. I will try it on an old phone first. Does the old phone have to have a SIM card installed and be active. I have an old Moto X, that was replaced with the Pixel 3, but have not used the Moto X for a couple of years.
Seal the Deal
Posts: 218
Joined: Sat Jan 20, 2018 6:25 pm

Re: When does an old smartphone become unsafe to use.

Post by Seal the Deal »

Rdytoretire wrote: Sun Nov 07, 2021 10:14 am Thanks for the suggestion, Seal the Deal. I will probably give LineageOS a try. Like you, I enjoy learning and DIY. I will try it on an old phone first. Does the old phone have to have a SIM card installed and be active. I have an old Moto X, that was replaced with the Pixel 3, but have not used the Moto X for a couple of years.
According to the LineageOS wiki the Moto X is no longer supported. They have instructions on how to make a private build - which looks like a lot more work and something I know nothing about. But as to your question no, you don't need a sim card to flash the OS.

The Pixel 3 is definitely supported so that would be a more straight forward installation. If something goes wrong you might be able to pop your Pixel sim into the Moto X for a short term solution, I believe they both use nano-sim.

I forgot to mention before that you can load the Google Apps add-on during installation. This is a must if you want to have all of your current apps on the new OS. Good luck!
Prahasaurus
Posts: 1028
Joined: Fri Mar 29, 2019 1:02 am

Re: When does an old smartphone become unsafe to use.

Post by Prahasaurus »

Rdytoretire wrote: Sun Nov 07, 2021 10:14 am Thanks for the suggestion, Seal the Deal. I will probably give LineageOS a try. Like you, I enjoy learning and DIY. I will try it on an old phone first. Does the old phone have to have a SIM card installed and be active. I have an old Moto X, that was replaced with the Pixel 3, but have not used the Moto X for a couple of years.
My (admittedly 30 second) internet search says LineageOS is "mostly open source." Mostly? Just make sure you are very comfortable with allowing them potentially full access to everything you do on your phone. Yes, I realize iOS and most corporate installations of Android are not fully open source, either. Which gets back to your comfort levels with LineageOS.
Asset Allocation: VT
Post Reply