Is your mobile phone secure?

Too many phones aren’t receiving the updates they need to be secure. Here's what you can do about it.

Man using mobile phone

When a new software security breach is found, there’s a flurry of activity by manufacturers and telcos to update networked devices, including phones and tablets, to keep them safe and secure. However, not all phones are equal when it comes to updates.

While iPhones and new Android devices receive regular and timely updates, others may only get updates months after threats have been identified. And that’s not good enough!

Whenever you buy goods, the Consumer Guarantees Act (CGA) states they must be of acceptable quality – so fit for purpose and last a reasonable time.

Any device sold as new (even if it’s a previous year’s model) that connects to the internet but doesn’t receive security updates isn’t of acceptable quality and should, in our view, be covered by the Consumer Guarantees Act.

Operating system updates

A Consumer member contacted us about a tablet she bought a year ago. It was running Android 5, but hadn’t received an update and would no longer run her banking app. It’s a common problem with devices running old operating systems (OS): apps get updated, but the system running them doesn’t, so they stop working.

Unlike iPhones, where Apple sends out updates to as many models as it can, older Androids don’t get the option to update.

The latest Android OS is version 8, released last year. In an online search we found phones running Android 6 (released in 2015) and, in one case, Android 5 (released in 2014) being sold by telcos and retailers.

Security updates

The good news is Android devices with old OS can still receive separate security updates. These are more common, with some newer phones receiving them monthly. However, research by Security Research Labs in Germany found a “patch gap”.

“In many cases, certain vendors’ phones would tell users that they had all of Android’s security patches up to a certain date, while in reality they were missing as many as a dozen patches from that period – leaving phones vulnerable to a broad collection of known hacking techniques.”

Google, Samsung and Sony phones were most likely to be up to date.

The problem is, getting updates out is a difficult process to speed up. All updates are created and released by the manufacturers, then tested by the telcos to ensure they are safe to release.

What we’re doing

While speeding up the release of updates would be the best scenario, this is practically impossible owing to how many parties and devices are involved.

We’ve spoken to the major telcos – Spark, Vodafone, and 2degrees – and while all three say they’re committed to helping their customers stay safe, we think there is more that can be done.

We are proposing consumers be told at point of sale if their device is running an older OS, and warned that it may not receive updates. Spark was the only telco to say it had reviewed its devices and was happy to work with us on this issue. We will keep you updated on our progress.

What you can do

Your first, and easiest, step is to update your phone whenever possible. Updates to your phone (or tablet or computer) are essential for the smooth running and security of the device.

To check if an update is available:

  • Make sure your WiFi is on, in case you need to download a file.
  • Go to device settings.
  • Select “System” or “About phone” (this can differ from phone to phone).
  • Under “Update” or “System update”, you can see if an update is available.

In “About phone” you can check which version of Android (or iOS) you’re running. On Android phones, you should be able to see when the last security update was applied.

If you’re buying a new phone, check which OS it’s running. Remember, older systems might not run the apps you need.

Member comments

Get access to comment

Richard S.
01 Jul 2018
OnePlus with Oxygen and Xiaomi On 8.0.0

My wife and I are happy that our two mobiles continue to be updated as she had been bitten by an IPhone model becoming software obsolete in the past.

Also, I was badly bitten by an Apple Ipad in the early days. It was an First Generation model and after four or so years it would not update to the next level and gradually Apps would not work on it. Fortunately its replacement IPAD Mini 2 still continues to get updates and will get IOS 12 OK.

G J M.
10 Jun 2018
Galaxy 5

I just checked my mobile and it's operating Android 6 last downloaded on 18/2/17even though I had it on automatic download. So this doesn't sound good, does it? So what's my next move to get it up to date?

Consumer staff
18 Jun 2018
Re: Galaxy 5

Hi G J M - thanks for your comment.

First check when the last security update was. It should be in roughly the same place you found the info on Android version. Hopefully that’s been updated more recently. If you want to update the operating system you may have to find the files online and do a bit of DIY.

Cheers, Hadyn - Consumer NZ technology writer

Paul W
02 Jun 2018
Updates are fine if you can get them

My wife has a Chinese Miezu Note 2 that she bought about 2015 from PB Tech . It's had one update in that time and running on Android 5.1. I don't think she's had an update since then not even security ones. If you want updates stick to know brands that will give you at least security updates and you don't have to pay anything like a thousand dollars for a new phone . You can get good ones for $400 plus. My $399 Motorola G4 Plus still gets updates.