When does an old smartphone become unsafe to use.
-
- Posts: 443
- Joined: Mon Mar 25, 2019 6:23 pm
When does an old smartphone become unsafe to use.
I did a quick search of the forum and could not find any threads that specifically addressed this issue.
I purchased a Google Pixel 3 two years ago. My understanding is that since the phone has been out for three years it will no longer be supported for updates beginning October 2021. I hope to keep my phone at least a couple more years. Will my phone be unsafe to use?
.
I would think there are many Android and i phones in use that are no longer being supported for updates They may even outnumber supported phones. I have not read or heard about peoples phones being hacked.
How unsafe is not getting updates?
Does it matter how you use your phone?
Is there anything I can do to help make an old phone more secure?
I know some of you would say just get an i phone because they are supported longer, but I like my Android phones. I'm wondering what Bogleheads take is on this issue.
https://www.tomsguide.com/us/old-phones ... 24846.html
I purchased a Google Pixel 3 two years ago. My understanding is that since the phone has been out for three years it will no longer be supported for updates beginning October 2021. I hope to keep my phone at least a couple more years. Will my phone be unsafe to use?
.
I would think there are many Android and i phones in use that are no longer being supported for updates They may even outnumber supported phones. I have not read or heard about peoples phones being hacked.
How unsafe is not getting updates?
Does it matter how you use your phone?
Is there anything I can do to help make an old phone more secure?
I know some of you would say just get an i phone because they are supported longer, but I like my Android phones. I'm wondering what Bogleheads take is on this issue.
https://www.tomsguide.com/us/old-phones ... 24846.html
-
- Posts: 4074
- Joined: Fri Jan 29, 2016 11:40 am
Re: When does an old smartphone become unsafe to use.
Most people don't know their device has been compromised. They just wonder why they have weird popups, slow battery life, and why their email app suddenly looks different. It wouldn't get published that someone was "hacked" because it's usually not that newsworthy until we read about a large botnet or something that launches a coordinated attack using millions of compromised thermostats or smartphones.
Its more of an issue on Android given the tendency of Android users to download apps from random links, but there are rogue IOS apps as well that get onto the app store.
Your Pixel 3 won't suddenly become unsafe per se. Extremely critical vulnerabilities will likely still get patches but it won't be guaranteed. I recently moved from Pixel 3 to Pixel 5 and am loving the battery life. It's noon and I'm at 86% remaining where my Pixel 3 would have been below 50% for the same usage.
Its more of an issue on Android given the tendency of Android users to download apps from random links, but there are rogue IOS apps as well that get onto the app store.
Your Pixel 3 won't suddenly become unsafe per se. Extremely critical vulnerabilities will likely still get patches but it won't be guaranteed. I recently moved from Pixel 3 to Pixel 5 and am loving the battery life. It's noon and I'm at 86% remaining where my Pixel 3 would have been below 50% for the same usage.
Re: When does an old smartphone become unsafe to use.
I would suggest getting an iPhone because they are supported longer. Contary to what that Toms Guide post predicted, the iPhone 6s released in 2015 is still supported for the latest iOS 15 released last month. (My old iPad Air 2 released in 2014 also received the latest iPadOS 15 update.)Rdytoretire wrote: ↑Mon Oct 25, 2021 10:59 am I did a quick search of the forum and could not find any threads that specifically addressed this issue.
I purchased a Google Pixel 3 two years ago. My understanding is that since the phone has been out for three years it will no longer be supported for updates beginning October 2021. I hope to keep my phone at least a couple more years. Will my phone be unsafe to use?
.
I would think there are many Android and i phones in use that are no longer being supported for updates They may even outnumber supported phones. I have not read or heard about peoples phones being hacked.
How unsafe is not getting updates?
Does it matter how you use your phone?
Is there anything I can do to help make an old phone more secure?
I know some of you would say just get an i phone because they are supported longer, but I like my Android phones. I'm wondering what Bogleheads take is on this issue.
https://www.tomsguide.com/us/old-phones ... 24846.html
I probably wouldn't rely on a phone more than a year after its OS stopped being supported. Eventually you won't be able to run the latest versions of apps either, as those are updated to require the latest OS. The risks would depend on what you do on the phone. If you call, text, and passively surf the web, the risks will be low. If you use payment apps, banking apps, etc., I'd be more wary on relying on unsupported software. (Although the risks would probably still be low.)
Re: When does an old smartphone become unsafe to use.
I just bought a Pixel 6. I am rocking my 2XL still. I am updating mainly because apps are more prone to crash now than even a year ago. Also the Pixel 6 gets 5 years of security updates. Just 3 years of android updates (hopefully google expands this to 5 but no guarantees). If I were you I'd wait for the 7. Getting a solid phone every 4 years is a good frequency IMO.
Edit: realized I didn't answer your questions. You will be fine until you are not. I took a risk by using an unprotected phone but I do use a VPN and block trackers etc.
Edit: realized I didn't answer your questions. You will be fine until you are not. I took a risk by using an unprotected phone but I do use a VPN and block trackers etc.
-
- Posts: 2352
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: When does an old smartphone become unsafe to use.
If your phone is no longer getting security updates, you should replace it.
-
- Posts: 443
- Joined: Mon Mar 25, 2019 6:23 pm
Re: When does an old smartphone become unsafe to use.
I appreciate the replies. I would think there are many phones currently in use that are no longer receiving security updates. Many people get new phones every 2-3 years but probably just as many may be using old phones that no longer get updates. A good Boglehead keeps their phones a long time just like they do their automobiles. Is purchasing a new phone every 3 years for those who also wear a belt and suspenders?
As far as apps not working properly are most apps updated that frequently that that becomes an issue in 2-3 years?
As far as apps not working properly are most apps updated that frequently that that becomes an issue in 2-3 years?
- quantAndHold
- Posts: 10141
- Joined: Thu Sep 17, 2015 10:39 pm
- Location: West Coast
Re: When does an old smartphone become unsafe to use.
Your phone will be fine until it isn’t, and you won’t know when it isn’t. The person above who is experiencing app “crashes”…this is often a symptom of a hack. I would smash that phone with a hammer, and change the passwords of any account that’s ever been attached to it.
Seriously, in today’s world, once the phone stops getting security updates, it’s toast. You can use it to play music, but it is not safe to use on the internet, no matter whether all the other kids in the class are still using theirs or not.
Seriously, in today’s world, once the phone stops getting security updates, it’s toast. You can use it to play music, but it is not safe to use on the internet, no matter whether all the other kids in the class are still using theirs or not.
- quantAndHold
- Posts: 10141
- Joined: Thu Sep 17, 2015 10:39 pm
- Location: West Coast
Re: When does an old smartphone become unsafe to use.
And if you want to keep your phones for longer, get an iPhone. They get updates longer than android.
-
- Posts: 4074
- Joined: Fri Jan 29, 2016 11:40 am
Re: When does an old smartphone become unsafe to use.
Absolutely true.Rdytoretire wrote: ↑Mon Oct 25, 2021 6:23 pm I appreciate the replies. I would think there are many phones currently in use that are no longer receiving security updates.
Most people also have a single shared login to Windows, use Password123 as their password for everything, and leave their cars unlocked. Doesn't mean it's wise!
-
- Posts: 443
- Joined: Mon Mar 25, 2019 6:23 pm
Re: When does an old smartphone become unsafe to use.
I believe Google was still selling Pixel 3's up unit about 12 months ago. Seems odd that they would sell a phone that may be unsafe in 12 months. Maybe that is just the nature of the business but that does not make sense for the consumer or Google.
[/quote]
Absolutely true.
Most people also have a single shared login to Windows, use Password123 as their password for everything, and leave their cars unlocked. Doesn't mean it's wise!
[/quote]
Those things are easy to avoid and cost nothing. Getting a new phone every 3 years that's something else.
[/quote]
Absolutely true.
Most people also have a single shared login to Windows, use Password123 as their password for everything, and leave their cars unlocked. Doesn't mean it's wise!
[/quote]
Those things are easy to avoid and cost nothing. Getting a new phone every 3 years that's something else.
Last edited by Rdytoretire on Mon Oct 25, 2021 7:11 pm, edited 1 time in total.
-
- Posts: 2697
- Joined: Fri Apr 25, 2014 6:38 pm
Re: When does an old smartphone become unsafe to use.
They never become unsafe.Rdytoretire wrote: ↑Mon Oct 25, 2021 10:59 am I did a quick search of the forum and could not find any threads that specifically addressed this issue.
I purchased a Google Pixel 3 two years ago. My understanding is that since the phone has been out for three years it will no longer be supported for updates beginning October 2021. I hope to keep my phone at least a couple more years. Will my phone be unsafe to use?
.
I would think there are many Android and i phones in use that are no longer being supported for updates They may even outnumber supported phones. I have not read or heard about peoples phones being hacked.
How unsafe is not getting updates?
Does it matter how you use your phone?
Is there anything I can do to help make an old phone more secure?
I know some of you would say just get an i phone because they are supported longer, but I like my Android phones. I'm wondering what Bogleheads take is on this issue.
https://www.tomsguide.com/us/old-phones ... 24846.html
Now, if you have a phone that only uses 3G you should upgrade that phone to one that uses 4G asap.
Re: When does an old smartphone become unsafe to use.
From a security perspective, your phone will become unsafe immediately after the first discovery of a security vulnerability for which you are not going to get a patch/update.
That will probably happen sometime between 90 days and 1 year after your last OS update, but it could happen sooner or it could happen later.
It gets worse over time both because more vulnerabilities will be discovered and also because the already-discovered ones will be more well known and tools for exploiting them will become easier to use.
It takes a sophisticated hacker to find a new vulnerability and figure out how to exploit it. But any old script kiddie can pwn your device just for giggles once the attack has been reduced to simple tooling
That will probably happen sometime between 90 days and 1 year after your last OS update, but it could happen sooner or it could happen later.
It gets worse over time both because more vulnerabilities will be discovered and also because the already-discovered ones will be more well known and tools for exploiting them will become easier to use.
It takes a sophisticated hacker to find a new vulnerability and figure out how to exploit it. But any old script kiddie can pwn your device just for giggles once the attack has been reduced to simple tooling
-
- Posts: 2352
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: When does an old smartphone become unsafe to use.
That's not true. Critical vulnerabilities can be discovered at any time.Trader Joe wrote: ↑Mon Oct 25, 2021 7:11 pmThey never become unsafe.Rdytoretire wrote: ↑Mon Oct 25, 2021 10:59 am I did a quick search of the forum and could not find any threads that specifically addressed this issue.
I purchased a Google Pixel 3 two years ago. My understanding is that since the phone has been out for three years it will no longer be supported for updates beginning October 2021. I hope to keep my phone at least a couple more years. Will my phone be unsafe to use?
.
I would think there are many Android and i phones in use that are no longer being supported for updates They may even outnumber supported phones. I have not read or heard about peoples phones being hacked.
How unsafe is not getting updates?
Does it matter how you use your phone?
Is there anything I can do to help make an old phone more secure?
I know some of you would say just get an i phone because they are supported longer, but I like my Android phones. I'm wondering what Bogleheads take is on this issue.
https://www.tomsguide.com/us/old-phones ... 24846.html
Now, if you have a phone that only uses 3G you should upgrade that phone to one that uses 4G asap.
Re: When does an old smartphone become unsafe to use.
I think it depends what you do on your smartphone. For me, I do everything on my phone (IE banks, investment accounts, work, notes with all my user names and passwords, etc). If you're anything like me, you're looking for the safest options. My iPhone 13 pro max will be delivered tomorrow. If you're like my dad or uncles, you use your flip phone or jitterbug to make/ receive a call or two a day, check the time, calendar, and that's it. Also my kids have 5+ year old phones which they use just to face time or text their friends. In the latter cases it doesn't matter.
I just upgraded my laptop (2012 MacBook Pro) to a new one (2020 Macbook air) for this exact reason. When it's not supported anymore, your personal information is no longer safe. Decide where you fall in this discussion and upgrade as needed.
I just upgraded my laptop (2012 MacBook Pro) to a new one (2020 Macbook air) for this exact reason. When it's not supported anymore, your personal information is no longer safe. Decide where you fall in this discussion and upgrade as needed.
Light weight baby!
Re: When does an old smartphone become unsafe to use.
I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Re: When does an old smartphone become unsafe to use.
Theoretically, they could hijack your phone and use it in a distributed denial of service attack, using up your data. You would probably recognize it by it quickly draining your battery life. That's about all the risk, if you don't store passwords or log in to personal information sites on the phone. I have an old iPad I use for pictures, videos, and social media and I don't have any banking apps or log in to web sites with personal information on it. It is several iOS updates behind but that's fine.namajones wrote: ↑Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
-
- Posts: 4074
- Joined: Fri Jan 29, 2016 11:40 am
Re: When does an old smartphone become unsafe to use.
Do you have any services which text you for 2FA, even just as a backup?namajones wrote: ↑Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Re: When does an old smartphone become unsafe to use.
2FA? Is that English?dukeblue219 wrote: ↑Tue Oct 26, 2021 2:23 pmDo you have any services which text you for 2FA, even just as a backup?namajones wrote: ↑Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Re: When does an old smartphone become unsafe to use.
More American than anything else but nationality aside, it's an acronym meaning "Two Factor Authentication."namajones wrote: ↑Tue Oct 26, 2021 2:53 pm2FA? Is that English?dukeblue219 wrote: ↑Tue Oct 26, 2021 2:23 pmDo you have any services which text you for 2FA, even just as a backup?namajones wrote: ↑Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
Re: When does an old smartphone become unsafe to use.
The risk level likely depends on what you're doing. If you only use a handful of well established apps and sites, the chances are probably low that anything would happen.
But if you're concerned, maybe this is an option? https://lineageos.org/
(I have no experience with it; just found it after doing a google search)
But if you're concerned, maybe this is an option? https://lineageos.org/
(I have no experience with it; just found it after doing a google search)
Last edited by cacophony on Tue Oct 26, 2021 10:37 pm, edited 1 time in total.
Re: When does an old smartphone become unsafe to use.
A few seconds before exploding
As an avid old phone user following replies though
As an avid old phone user following replies though
-
- Posts: 630
- Joined: Wed Mar 04, 2009 9:48 pm
Re: When does an old smartphone become unsafe to use.
When it’s all split open and bulged because the battery swelled up so much, it might be unsafe.
- thriftynick
- Posts: 81
- Joined: Fri Nov 26, 2010 4:29 pm
Re: When does an old smartphone become unsafe to use.
I use a Pixel 3a and plan on continuing using it past the end of security updates, unless a really good deal on a new phone presents itself. Just don't click on any strange e-mail links, or browse any questionable websites and you should be fine.
Re: When does an old smartphone become unsafe to use.
Actually it could be a bit worse than that. If the compromised device is also connected to home wifi it could infect other devices on the network like a primary computer.calwatch wrote: ↑Tue Oct 26, 2021 2:03 pmTheoretically, they could hijack your phone and use it in a distributed denial of service attack, using up your data. You would probably recognize it by it quickly draining your battery life. That's about all the risk, if you don't store passwords or log in to personal information sites on the phone. I have an old iPad I use for pictures, videos, and social media and I don't have any banking apps or log in to web sites with personal information on it. It is several iOS updates behind but that's fine.namajones wrote: ↑Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
There are plenty of real world examples of financial accounts being compromised by malware. Many identity thieves use malware to get the information they use to steal people's identity/hijack accounts.
Re: When does an old smartphone become unsafe to use.
+1, I wouldn't wait much longer than a couple of weeks.HawkeyePierce wrote: ↑Mon Oct 25, 2021 3:49 pm If your phone is no longer getting security updates, you should replace it.
- quantAndHold
- Posts: 10141
- Joined: Thu Sep 17, 2015 10:39 pm
- Location: West Coast
Re: When does an old smartphone become unsafe to use.
Once they get into your phone, they can use the phone as a launchpad to get into your entire home network, including the computer you do all your banking on.namajones wrote: ↑Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
If they’re in your phone, they can also hijack your password reset emails, without you ever knowing, reset all your passwords, and have a party in your accounts.
Re: When does an old smartphone become unsafe to use.
I don't think that's the case, otherwise every public wifi point would be a vector for attacks, and they aren't. And a password reset email, especially for banking, requires more than just the email but also some information that only you would know. If you are comfortable connecting your account with Mint or storing passwords on Google or another password keeper service, I wouldn't worry much about an un-updated phone somehow hacking other computers protected by their own firewalls.quantAndHold wrote: ↑Thu Oct 28, 2021 10:08 amOnce they get into your phone, they can use the phone as a launchpad to get into your entire home network, including the computer you do all your banking on.namajones wrote: ↑Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
If they’re in your phone, they can also hijack your password reset emails, without you ever knowing, reset all your passwords, and have a party in your accounts.
-
- Posts: 485
- Joined: Tue Jul 16, 2019 6:00 pm
Re: When does an old smartphone become unsafe to use.
If someone gains access to your android phone they likely also have access to your google account and all stored passwords.
See for yourself if you have an android phone: Android Chrome:Settings:Passwords.
I assume that the same is true for an iPhone (but I've not used an apple device since the late 80s).
- quantAndHold
- Posts: 10141
- Joined: Thu Sep 17, 2015 10:39 pm
- Location: West Coast
Re: When does an old smartphone become unsafe to use.
You misunderstand. Public wifi is not a vector from your phone to a laptop that’s sitting at home. But your home network is.calwatch wrote: ↑Thu Oct 28, 2021 11:27 amI don't think that's the case, otherwise every public wifi point would be a vector for attacks, and they aren't. And a password reset email, especially for banking, requires more than just the email but also some information that only you would know. If you are comfortable connecting your account with Mint or storing passwords on Google or another password keeper service, I wouldn't worry much about an un-updated phone somehow hacking other computers protected by their own firewalls.quantAndHold wrote: ↑Thu Oct 28, 2021 10:08 amOnce they get into your phone, they can use the phone as a launchpad to get into your entire home network, including the computer you do all your banking on.namajones wrote: ↑Tue Oct 26, 2021 1:49 pm I wish someone would tell me in concrete terms how, exactly, I'm not protected by applying these incessant updates from Apple. I think it's a bunch of baloney, actually. What is some hacker going to do on my phone, anyway? Read my boring text messages? To the hackers: have fun, dopes.
If they’re in your phone, they can also hijack your password reset emails, without you ever knowing, reset all your passwords, and have a party in your accounts.
I agree, getting into someone’s bank account from a compromised phone is currently a nontrivial, multi step process. Using the technology available to today’s attackers, it would need to be a targeted attack by a fairly sophisticated hacker. The problem with saying the attack is too hard to be viable is that attack technology is always advancing, and what’s hard to do today will be a software package that a 20 year old in Estonia can buy next year. The person with the out of date phone probably also probably has a poorly protected home network, an out of date laptop, and never bothered to set up any of the advanced security features on their accounts. It’s completely plausible that someone could develop a software package to take advantage of that situation. I mean, that’s what’s going on with the ransomware attacks right now. You can go onto the dark web and buy a software package to pwn your local hospital.
There is already an iPhone attack where you don’t even have to click links on the text message. You just have to open the message. If you haven’t updated your iPhone software in the past six weeks or so, you’re a sitting duck for that one.
Re: When does an old smartphone become unsafe to use.
In this class of attacks, you don't even have to open the message. The iPhone Messages app processes the harmful message as soon as it reaches the phone, so it can be compromised even before the human knows that something has been received.quantAndHold wrote: ↑Thu Oct 28, 2021 2:47 pm There is already an iPhone attack where you don’t even have to click links on the text message. You just have to open the message. If you haven’t updated your iPhone software in the past six weeks or so, you’re a sitting duck for that one.
-
- Posts: 443
- Joined: Mon Mar 25, 2019 6:23 pm
Re: When does an old smartphone become unsafe to use.
I appreciate the responses to this thread. I think that it's possible that 30-50% of phones being used no longer get updates. There is no shortage of people who don't upgrade their Android phones every 3 years. Wondering why we don't hear about those hacked phones? Seems like it's not very common.
To those that say that people who have phones that are not updated also do not care about the security of their laptops or other systems. Those don't generally become unsafe in 3 years.
I have know people who are on the other end of the spectrum, They would not direct deposit their paychecks because of fears of "hacking" so they would go to the bank every two weeks instead. Is there a happy medium between being alarmist and not being concerned at all?
To those that say that people who have phones that are not updated also do not care about the security of their laptops or other systems. Those don't generally become unsafe in 3 years.
I have know people who are on the other end of the spectrum, They would not direct deposit their paychecks because of fears of "hacking" so they would go to the bank every two weeks instead. Is there a happy medium between being alarmist and not being concerned at all?
-
- Posts: 3633
- Joined: Thu Jul 09, 2015 7:00 pm
Re: When does an old smartphone become unsafe to use.
+1.HawkeyePierce wrote: ↑Mon Oct 25, 2021 3:49 pm If your phone is no longer getting security updates, you should replace it.
The most precious gift we can offer anyone is our attention. - Thich Nhat Hanh
- quantAndHold
- Posts: 10141
- Joined: Thu Sep 17, 2015 10:39 pm
- Location: West Coast
Re: When does an old smartphone become unsafe to use.
The average phone in the US is 25 months old, and iPhones, at least, generally get updates for 5+ years, so I suspect your estimate of how many out of date phones there are is wrong.
Anyway, it’s obvious that you’re looking for confirmation for something that you’ve already decided to do, so you’re probably going to do it regardless of what anyone says. But at least two cybersecurity professionals have posted in this thread telling you it’s a bad idea.
Being alarmist would be to not have a phone at all. But the happy medium definitely falls on the side of not using a phone that isn’t getting security updates.
Anyway, it’s obvious that you’re looking for confirmation for something that you’ve already decided to do, so you’re probably going to do it regardless of what anyone says. But at least two cybersecurity professionals have posted in this thread telling you it’s a bad idea.
Being alarmist would be to not have a phone at all. But the happy medium definitely falls on the side of not using a phone that isn’t getting security updates.
-
- Posts: 47
- Joined: Mon Apr 27, 2020 12:01 pm
Re: When does an old smartphone become unsafe to use.
Using any unpatched device on the internet is dangerous. Using one you actively use for surfing is very dangerous. A mitigating step you can take is to use a browser that is still getting updates once the stock Google Chrome no longer receives them.
Yes, it matters how you use you phone. If you surf "risky" websites you are more likely to run across malware and exploits. Pron and pirate movie download sites, etc. are not discriminating about who they take ads from. But even normal "clean" websites have ads and bag guys still manage to purchase ads from time to time in an effort to get your phone to load their malicious content.
If you use your phone for any financial reason or ever log into your bank, credit cards, financial investment accounts using it, very dangerous to not have I updated. Also consider how these same institutions verify you are you: usually via SMS text and/or email to your phone. It doesn't matter how good your password is when the bad guy can just use the reset password option and get the info from your compromised phone.
Just budget on getting a new phone every 3 to 5 years. Yes, the lastest Pixels just began offering security updates for 5 years to match Apple. However, the cost of these premium phones vs. a perfectly acceptable $200-250 "budget" phone isn't worth 2 extra years - stick with the 3 year budget model phones. I just upgraded my mom to a Moto G Stylus 2021 for $250 and it is more than adequate.
If your time isn't worth much, you can go with the LineageOS Android and basically reflash your phone to a version still getting updates. I did this as a hobby interest for a bit. It is time consuming, but fun to be able to have no junk apps and better control your phone.
https://wiki.lineageos.org/devices/blueline/
https://download.lineageos.org/blueline
Yes, it matters how you use you phone. If you surf "risky" websites you are more likely to run across malware and exploits. Pron and pirate movie download sites, etc. are not discriminating about who they take ads from. But even normal "clean" websites have ads and bag guys still manage to purchase ads from time to time in an effort to get your phone to load their malicious content.
If you use your phone for any financial reason or ever log into your bank, credit cards, financial investment accounts using it, very dangerous to not have I updated. Also consider how these same institutions verify you are you: usually via SMS text and/or email to your phone. It doesn't matter how good your password is when the bad guy can just use the reset password option and get the info from your compromised phone.
Just budget on getting a new phone every 3 to 5 years. Yes, the lastest Pixels just began offering security updates for 5 years to match Apple. However, the cost of these premium phones vs. a perfectly acceptable $200-250 "budget" phone isn't worth 2 extra years - stick with the 3 year budget model phones. I just upgraded my mom to a Moto G Stylus 2021 for $250 and it is more than adequate.
If your time isn't worth much, you can go with the LineageOS Android and basically reflash your phone to a version still getting updates. I did this as a hobby interest for a bit. It is time consuming, but fun to be able to have no junk apps and better control your phone.
https://wiki.lineageos.org/devices/blueline/
https://download.lineageos.org/blueline
-
- Posts: 47
- Joined: Mon Apr 27, 2020 12:01 pm
Re: When does an old smartphone become unsafe to use.
It doesn't matter when they last sold the phone. Their support model is based the models *first* release date. That first release date sets the beginning of the 3 year support timeframe for Android (and now 5 years of security updates for select premium Pixel models).Rdytoretire wrote: ↑Mon Oct 25, 2021 7:08 pm I believe Google was still selling Pixel 3's up unit about 12 months ago. Seems odd that they would sell a phone that may be unsafe in 12 months. Maybe that is just the nature of the business but that does not make sense for the consumer or Google.
Moral of the story: don't buy phone models that came out two years ago.
-
- Posts: 47
- Joined: Mon Apr 27, 2020 12:01 pm
Re: When does an old smartphone become unsafe to use.
Security professional here:shelanman wrote: ↑Mon Oct 25, 2021 7:19 pm From a security perspective, your phone will become unsafe immediately after the first discovery of a security vulnerability for which you are not going to get a patch/update.
That will probably happen sometime between 90 days and 1 year after your last OS update, but it could happen sooner or it could happen later.
It gets worse over time both because more vulnerabilities will be discovered and also because the already-discovered ones will be more well known and tools for exploiting them will become easier to use.
It takes a sophisticated hacker to find a new vulnerability and figure out how to exploit it. But any old script kiddie can pwn your device just for giggles once the attack has been reduced to simple tooling
The phone is already unsafe and vulnerabilities are already known by the most sophisticated criminal organizations. They just choose to sit on these for either high-value targets and/or to wait until the End of Support Date at which point these become "forever-day" vulnerabilities which will never be patched.
Vulnerabilities are like gold in the criminal underground. But if used "too soon" then they are squandered and will be patched and have less value for only a month or two cycle between security patch updates.
If you are a high income earner, you are a target. Even just being in a first world country you are a target for low-value exploits. If you have ever had a Linked-In account, you're probably on a list and ranked based on presumed value. Organized crime is very sophisticated these days. Time is money, and they want to spend their time on the highest value target with the highest rate of return.
-
- Posts: 443
- Joined: Mon Mar 25, 2019 6:23 pm
Re: When does an old smartphone become unsafe to use.
Thanks for that. I am still considering what to do about my phone. If I did not care what anyone said I would not have bothered starting this thread. I am certainly taking the responses seriously. In the future if I purchase a high quality phone I will make sure it comes with at least 5 years of updates. The current Android model of updates for only 3 years seems wasteful. I understand technology advances quickly but most of the uses of a cellphone do not appear to require the latest and greatest. An example is 5G, what do I care if the phone takes 1-2 seconds longer to access a website.quantAndHold wrote: ↑Sat Nov 06, 2021 10:00 am The average phone in the US is 25 months old, and iPhones, at least, generally get updates for 5+ years, so I suspect your estimate of how many out of date phones there are is wrong.
Anyway, it’s obvious that you’re looking for confirmation for something that you’ve already decided to do, so you’re probably going to do it regardless of what anyone says. But at least two cybersecurity professionals have posted in this thread telling you it’s a bad idea.
Being alarmist would be to not have a phone at all. But the happy medium definitely falls on the side of not using a phone that isn’t getting security updates.
- quantAndHold
- Posts: 10141
- Joined: Thu Sep 17, 2015 10:39 pm
- Location: West Coast
Re: When does an old smartphone become unsafe to use.
I completely agree with you about the wastefulness of replacing a phone every couple of years. I have a 3 year old iPhone with a cracked screen, and I intend to keep it until it’s either not getting updates anymore, or until it completely falls apart physically (which seems the most likely thing right now). I personally think iPhones are a better deal because they’re supported longer. I just get the newest model and use it for as long as I can.Rdytoretire wrote: ↑Sat Nov 06, 2021 11:03 amThanks for that. I am still considering what to do about my phone. If I did not care what anyone said I would not have bothered starting this thread. I am certainly taking the responses seriously. In the future if I purchase a high quality phone I will make sure it comes with at least 5 years of updates. The current Android model of updates for only 3 years seems wasteful. I understand technology advances quickly but most of the uses of a cellphone do not appear to require the latest and greatest. An example is 5G, what do I care if the phone takes 1-2 seconds longer to access a website.quantAndHold wrote: ↑Sat Nov 06, 2021 10:00 am The average phone in the US is 25 months old, and iPhones, at least, generally get updates for 5+ years, so I suspect your estimate of how many out of date phones there are is wrong.
Anyway, it’s obvious that you’re looking for confirmation for something that you’ve already decided to do, so you’re probably going to do it regardless of what anyone says. But at least two cybersecurity professionals have posted in this thread telling you it’s a bad idea.
Being alarmist would be to not have a phone at all. But the happy medium definitely falls on the side of not using a phone that isn’t getting security updates.
-
- Posts: 218
- Joined: Sat Jan 20, 2018 6:25 pm
Re: When does an old smartphone become unsafe to use.
LineageOS has been mentioned a few times up-thread. I recently installed this on a Moto G7 and have been impressed. It's a clean version of Android that gets security updates monthly. This is a good and free alternative to replacing a phone that you like and has outrun support.
I'd guess flashing a custom ROM onto a phone isn't for everyone, but I saw this as a learning opportunity and like to diy so I gave it a shot. I'm not exactly tech savvy, but the instructions on the Lineage wiki are pretty good and there are other guides on the web which helped. I first tried it on an old Moto G3 in case I screwed something up and bricked it. I struggled on a couple steps but got it to work after a couple hours. Running through the install on the G7 took about 45 minutes. Definitely a boglehead move.
I'd guess flashing a custom ROM onto a phone isn't for everyone, but I saw this as a learning opportunity and like to diy so I gave it a shot. I'm not exactly tech savvy, but the instructions on the Lineage wiki are pretty good and there are other guides on the web which helped. I first tried it on an old Moto G3 in case I screwed something up and bricked it. I struggled on a couple steps but got it to work after a couple hours. Running through the install on the G7 took about 45 minutes. Definitely a boglehead move.
-
- Posts: 443
- Joined: Mon Mar 25, 2019 6:23 pm
Re: When does an old smartphone become unsafe to use.
Thanks for the suggestion, Seal the Deal. I will probably give LineageOS a try. Like you, I enjoy learning and DIY. I will try it on an old phone first. Does the old phone have to have a SIM card installed and be active. I have an old Moto X, that was replaced with the Pixel 3, but have not used the Moto X for a couple of years.
-
- Posts: 218
- Joined: Sat Jan 20, 2018 6:25 pm
Re: When does an old smartphone become unsafe to use.
According to the LineageOS wiki the Moto X is no longer supported. They have instructions on how to make a private build - which looks like a lot more work and something I know nothing about. But as to your question no, you don't need a sim card to flash the OS.Rdytoretire wrote: ↑Sun Nov 07, 2021 10:14 am Thanks for the suggestion, Seal the Deal. I will probably give LineageOS a try. Like you, I enjoy learning and DIY. I will try it on an old phone first. Does the old phone have to have a SIM card installed and be active. I have an old Moto X, that was replaced with the Pixel 3, but have not used the Moto X for a couple of years.
The Pixel 3 is definitely supported so that would be a more straight forward installation. If something goes wrong you might be able to pop your Pixel sim into the Moto X for a short term solution, I believe they both use nano-sim.
I forgot to mention before that you can load the Google Apps add-on during installation. This is a must if you want to have all of your current apps on the new OS. Good luck!
-
- Posts: 1028
- Joined: Fri Mar 29, 2019 1:02 am
Re: When does an old smartphone become unsafe to use.
My (admittedly 30 second) internet search says LineageOS is "mostly open source." Mostly? Just make sure you are very comfortable with allowing them potentially full access to everything you do on your phone. Yes, I realize iOS and most corporate installations of Android are not fully open source, either. Which gets back to your comfort levels with LineageOS.Rdytoretire wrote: ↑Sun Nov 07, 2021 10:14 am Thanks for the suggestion, Seal the Deal. I will probably give LineageOS a try. Like you, I enjoy learning and DIY. I will try it on an old phone first. Does the old phone have to have a SIM card installed and be active. I have an old Moto X, that was replaced with the Pixel 3, but have not used the Moto X for a couple of years.
Asset Allocation: VT