Is it safe to keep using a phone after it stops receiving security updates?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
PandaParty
Posts: 32
Joined: Wed Feb 18, 2015 12:47 pm

Is it safe to keep using a phone after it stops receiving security updates?

Post by PandaParty » Sun Nov 11, 2018 11:16 am

What are the risks of using a phone past the expiration of security updates? I have a Nexus 6P and I believe the security updates are planned to stop this month. My phone is perfectly fine, it still works well and does everything I need it to. I would prefer not to purchase a new phone if I can reasonably mitigate the risks of not having the security updates anymore. If I get rid of my bank's app, Venmo, and other apps tied to my bank or CC and only use the phone for calls, text, Pandora and a few game apps, what are the risks I'm still facing?

quantAndHold
Posts: 3438
Joined: Thu Sep 17, 2015 10:39 pm

Re: Is it safe to keep using a phone after it stops receiving security updates?

Post by quantAndHold » Sun Nov 11, 2018 11:30 am

Arr you planning on using email on this phone? One of the biggest risks would be that an intruder could read your email, which often gives them access to things that are not on the phone.

User avatar
8foot7
Posts: 1628
Joined: Mon Jan 05, 2015 7:29 pm

Re: Is it safe to keep using a phone after it stops receiving security updates?

Post by 8foot7 » Sun Nov 11, 2018 11:39 am

Threats on a phone are overblown as long as you aren’t downloading weird apps.

JDofAZ
Posts: 19
Joined: Thu May 21, 2015 3:33 pm

Re: Is it safe to keep using a phone after it stops receiving security updates?

Post by JDofAZ » Sun Nov 11, 2018 4:31 pm

The risk is a compromised app exploits known and unpatched vulnerabilities to do some unauthorized thing on your device.

Android has a lot of mitigations since so many android devices are never patched. Rather than repeat I'll link to their documentation https://source.android.com/security/ . Since you are using a google device most of the built-in apps (Chrome, Gmail, Messages) are in the play store and should continue to be patched until they drop support for Android 8. (at least a few more years)

Google does not have a perfect record on catching malware before it is published on the play store. Another problem is an app can be clean when it is published but then download additional code once it is on the device.

There was a recent story about how popular apps are being purchased from the original developer, updated, and then used to defraud ad networks. https://www.buzzfeednews.com/article/cr ... -phones-to

If you wanted to be extra careful my advice would be not to install any app from a company that you do not absolutely trust. Google, Netflix, your bank, all those should be fine. I would less trust games, you could add a layer of isolation by creating a second profile and installing your games there.

I was a long time Nexus user starting with the Nexus 4. When Google started the Pixel line they started charging iPhone prices with Nexus quality support. This year after a lot of thought I switched to an iPhone 8, it was a little bit cheaper than the Pixel and Apple is averaging 5 years of updates these days. This is coming from someone who dislikes Apple and is frustrated by iOS.

If as secure as possible is important to you, then it is time to get a new phone.

SimonJester
Posts: 1960
Joined: Tue Aug 16, 2011 12:39 pm

Re: Is it safe to keep using a phone after it stops receiving security updates?

Post by SimonJester » Mon Nov 12, 2018 8:54 am

I would not use it to access any financial or banking information. You might be out of compliance with your financial institutions online agreement and thus no longer covered by their security guarantees.


Here is the one from Vanguard:

Further, you are fully responsible for all activities occurring under your accounts, user names, logins, passwords, and security questions and answers that result from your negligence, carelessness, misconduct, or failure to use or maintain appropriate security measures.

If the OS on the phone itself is compromised and hackers manager to get ahold of your vanguard account, they could claim by using an out of date OS on the phone which led to the compromise they will not reimburse you.

There is a risk here, Is is small is it large, to what level it is upto you to decide.
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." - Benjamin Franklin

gtd98765
Posts: 395
Joined: Sun Jan 08, 2017 4:15 am

Re: Is it safe to keep using a phone after it stops receiving security updates?

Post by gtd98765 » Mon Nov 12, 2018 9:23 am

8foot7 wrote:
Sun Nov 11, 2018 11:39 am
Threats on a phone are overblown as long as you aren’t downloading weird apps.
+1

I have not yet read an article about a user's info being compromised by an Android app downloaded from the official Google Play store.

PFInterest
Posts: 2684
Joined: Sun Jan 08, 2017 12:25 pm

Re: Is it safe to keep using a phone after it stops receiving security updates?

Post by PFInterest » Mon Nov 12, 2018 9:24 am

PandaParty wrote:
Sun Nov 11, 2018 11:16 am
What are the risks of using a phone past the expiration of security updates? I have a Nexus 6P and I believe the security updates are planned to stop this month. My phone is perfectly fine, it still works well and does everything I need it to. I would prefer not to purchase a new phone if I can reasonably mitigate the risks of not having the security updates anymore. If I get rid of my bank's app, Venmo, and other apps tied to my bank or CC and only use the phone for calls, text, Pandora and a few game apps, what are the risks I'm still facing?
it depends on the security exploit.
generally, not a huge problem. until it is.

THY4373
Posts: 1184
Joined: Thu Mar 22, 2012 3:17 pm

Re: Is it safe to keep using a phone after it stops receiving security updates?

Post by THY4373 » Mon Nov 12, 2018 12:07 pm

I am going to continue to run my Nexus 6P now that I have finally found a decent replacement battery to replace the defective one that neither Google or Huawei would address (very common problem with 6P). I am very good now at taking the 6P apart and putting it back together. I am going to monitor to Android 8.1 vulnerabilities going forward and if something remotely exploitable comes along I'll consider upgrading the phone hardware then or perhaps flash over to Lineage OS (I run alternative firmware on a couple of tablets I have). Honestly, I am comfortable with the minimal risk since my apps should continue to get updates for the next year at least.

Like one of the posters above I am not inclined to drop iPhone prices on a new phone for less than iPhone support but I am also on ProjectFi, eh GoogleFi, and though an iPhone would work on it, it would be less than optimal.

User avatar
wander
Posts: 2761
Joined: Sat Oct 04, 2008 9:10 am

Re: Is it safe to keep using a phone after it stops receiving security updates?

Post by wander » Mon Nov 12, 2018 12:25 pm

I think as long the APPs are still functioning, you should be fine. But there is a point when the Apps complain about not working and require that you have to update the Apps, then you have no choice but to upgrade the phone.
Not updating the software maybe a better idea. I remember both of our old Itouch(es) started to slow down and then took forever to log in. If I had not updated the software, those may just be still working today.

Post Reply