When it’s perfectly fine to use a phone that’s ‘unsupported’. And when it’s not!
You'll have heard of the Surface Duo? Running Android, it's a dual screened phone with unique form factor that is being abandoned by its maker, Microsoft, in a month or two's time. Begging the question as to what happens for people using it at that time.
In fact, the situation isn't unusual, especially in the Android world. People all over the planet are still using 3, 4, 5, even 6 or more years old phones with nothing really bad happening to them. Manufacturer updates typically stop around the three year mark (more if it's a Samsung, less if it's made by Motorola or a lesser Chinese brand), so it's a valid question to wonder just how safe using these older phones with old operating system versions really is.
I realise that this is a topic we keep coming back to on the Phones Show Chat podcast, but for everyone else, here's a primer... and my take.
There are various aspects to manufacturer updates that get offered to your smartphone: Operating System (OS) upgrades (typically yearly, on iOS and Android); and bug fix/security patches, released monthly (usually). The former are what they sound - new generations of the interface, with major new features - exciting shiny, shiny stuff. But there are not usually any security considerations.
The monthly (or, in iOS's case, whenever Apple decides to release) security patches and bug fixes are less glamorous but much more important. Smartphone OS are so complex now, at least under the hood, that imperfections in the code and poor handling of unusual circumstances can cause things to go wrong.
These imperfections are known as 'vulnerabilities' and can be as minor as something looking odd in the UI and as major as a malicious person on the Internet being able to take over your phone and steal your data. Thankfully, the latter is a lot less likely because of the various protections already in place.
- Phone OS have many security features, 'sandboxing' what applications and web sites can do - at least in theory.
- App stores on the device are monitored and, again in theory, malicious apps can't be accessed and installed.
- Monthly (or so) security updates fix any code which has been found to be vulnerable.
- (And in Android's case) Google Play Protect (on every Android phone that has Google Mobile Services, which is most phones outside China) is kept up to date for many years, even when a manufacturer has stopped updating a phone's core software. Think of this as an anti-virus/anti-spyware from Google itself. New applications are scanned as they install and existing installations and updates are scanned in the background against known malware - just in case!
- (Also on Android) Google update your browser (usually Chrome) independently from the core OS, and so you can rely on browser safety as long as the browser is supported in the Play Store.
A lot is made of OS upgrades, but my take is that they're less important than security updates - after all, your phone's specification was designed for the OS version it launched with, and subsequent updates invariably hit performance. But security is just that and especially important in the first year or two after an OS version arrives, i.e. when most of the bugs get found and quoshed.
So we arrive at a time three or so years after a phone is released (let's assume Android for now, because things move with differing timescales in the iPhone world). The phone's OS won't get updated again, and security updates are coming to a close. Is is time to worry, time to panic?
Which is where my example phone, the Surface Duo, comes in. Or any other Android-powered phone reaching its sunset years. Just as you wouldn't write off a human being when they 'retire', neither should you write off a phone. It just means, as with a human, that you have to be slightly more careful!
The protections above count for a lot. An awful lot. In fact, you'd have to work pretty hard to become a victim of malware, even on a no-longer-supported phone. Common sense will keep you safe, but just in case, here are a few obvious dos and don'ts:
- Only install applications from the main application store.
- When installing from the store, stick to apps and games that have had lots of downloads and reviews are thus pre-tested by others.
- If you absolutely HAVE to install something from a .apk file found on the web (e.g. a GCam port) then go carefully, watching for unexpected error messages and odd behaviour. If in doubt, then uninstall!
- Your browser will be up to date (see above), as will many of its components, but you should probably still stay clear of the dark web, by which I mean web sites that you've never heard of and which usually contain (or claim to contain) something illicit. 'Drive by' malware does exist for mobile devices, though any 'install' prompts should always give you a warning that something's trying to come along for the ride!
Keeping phones for longer has to be good for your wallet and good for the planet. Less e-waste etc. And I contend that a three year old phone in 2023 is perfectly fast enough for 99.9% of the population. We already have more horsepower in our phones than most of us need.
PS. If you like this feature and want to support my work then please do so here via PayPal. Thanks.