back to article In the market for a second-hand phone? Check it's still supported by the vendor – almost a third sold are not

An investigation by consumer watchdog Which? has found that nearly a third of all phones sold on second-hand sites are no longer supported by the vendor, leaving punters at risk of being hacked. The publication found that 31 per cent of all phones sold via CeX no longer receive security patches. For musicMagpie and …

  1. msknight

    Scratching my head

    This linking the hardware and the software does puzzle me a bit. I've got one of the original Sailfish phones from 2013 and it still receives the patches.

    To my mind, this is a problem with the way that phones and their operating systems are put together in the first place. It seems to be a problem that could easily be designed out of the process. I still don't really see the justification in stopping updates going to older phones.

    Can someone educate me as to why phones go out of support?

    1. Captain Hogwash

      Re: Can someone educate me as to why phones go out of support?

      In order to force people to buy new ones. Manufacturers make money by selling phones, not allowing you to use them until they break.

    2. I ain't Spartacus Gold badge

      Re: Scratching my head

      msknight,

      I think there is some justification - in that phone chipsets aren't standardised in the way that PC architecture has been. Which means that it might be more work for the phone manufacturer than just, get Google's latest version of Android and apply to whatever skin/launcher they've put on the thing.

      I could be wrong here, but I understand that sometimes the OEMs may need software updates from the chip manufacturers - that they're also not doing. Although if they had the will, they are the customer so could have put it into their contracts - or paid for after-sales service.

      Obviously it would be even simpler had Google refused to allow all the vendor customisation (or usually buggering up) of Android - so they didn't have the excuse of not having the resources to apply the patches to the crapware they'd already dropped on their phones. Alternatively Google could just have forced vendors who customised to guarantee 4 years of patching, or no Google Services for them. But Google's record on supporting their own hardware is only about 2-3 years, so they're not exactly paragons of virtue here. Let alone the shit they get up to with end-of-lifeing their IoT stuff.

      Google decided to take the easy route and partially get round the problem by shoving increasing amounts of the functionality into Google Play Services. This has the twin advantage that they control the updates, so at least your Chrome browser and other Google apps are up-to-date. And also that Google now have more control of Android, because the open source bits don't have Google Play Sservices - and it's therefore much less valuable without Google. As Huawei may find trying to sell phones into Western markets - obviously de-Googleified Android dominates the Chinese market.

      1. Anonymous Coward
        Anonymous Coward

        Re: Scratching my head

        Vendor customisation is not the issue. As you point out, the hardware isn't standard, and specific hardware needs specific software, which has to be compiled especially for the hardware.

        So, it's the drivers and stuff that are the reason updates are exclusive to the phone - if that wasn't the case, you could simply update over any vendor customisation such as wallpapers, launchers, installed apps, 'settings' interface/functionality etc.

        Google supposedly remedied this - from the release of Android Orio onwards, all hardware designs are meant to decouple the drivers and low level firmware etc. from the upper level android OS. Basically, this means that whilst the hardware may be non-standard, the hardware interface that android sees is unified. Hence, all such devices should work with the generic OS updates/patches.

        That's the theory . It's called "Project Treble" (https://android-developers.googleblog.com/2019/10/all-about-updates-more-treble.html, but I've yet to see it work in practice!

  2. hmv Silver badge

    LineageOS?

    It would be a nice gesture if these second hand phone sellers were to contribute in some way to LineageOS or equivalent - it's even in their business interest to do so.

    1. goldcd

      Re: LineageOS?

      Unfortunately not always the answer.

      e.g. I had an old nVidia tablet that stopped receiving official support, so switched to Lineage. Was a bit buggy, but was now getting updates - and then Lineage dropped support. In the end just went back to the working, if old, stock OS.

      Maybe one approach would be to allow you to pay for specific items to be supported.

      e.g. I pledge a £1 a month to support device xyz, and if somebody commits to supporting it, they get that shiny pound of each user each month.

    2. Lee D Silver badge

      Re: LineageOS?

      LineageOS's problem is not volunteers.

      It's that you need intimate and hardware-level knowledge of the device, with suitable drivers, complete functionality, access to secure bootloaders and boot partitions, several devices of each type to test with (okay, they may be able to help there), and lots of potentially-damaging experimentation to get to the point that you can *see* anything on the device, let alone make all the third-party components like cameras, etc. work properly.

      LineageOS doesn't really fully support many models at all, and the ones it does are essentially random based on hardware support and software driver availability. Do you have a driver for an obscure, Samsung-phone-only part that only exists in one phone and provides, say, fingerprint reading via the secure enclave? No? I'm sure we could just ask Samsung for it...

      LineageOS is a LOT of hard work. No way that even a commercial entity is going to be able to fund or help that in any significant fashion, especially not for even a handful of models going forward onto years-in-the-future OS which won't really work with you (Google aren't going to help out LineageOS any time soon, because then they'd lose control of Android).

      It's like Coreboot and other things along that ilk. Complicated. Technical. Working in the dark. No support. Never fully supporting everything. Hindered by basic security. Able to trash the machine permanently at the first mistake. Undocumented.

      Throwing a couple of old phones, and even funding a couple of people's salary to do it 40 hours a week, isn't going to make a dent in it.

      I have a LineageOS phone. I did it to my S4 Mini, which has a great IR blaster, which I use to turn my gadgets on. That's it. The camera is unreliable, the Wifi isn't great, some of the features don't work at all, and it's 3 or 4 versions of LineageOS behind now, and even then it's "unofficial" LineageOS from a forum post that I didn't care if it worked or not as the phone was headed for the bin anyway. It's never been updated since.

      Pretending that LineageOS is the solution to this is crazy. It's just a bunch of amateurs hitting on Android code trying to get it to load on devices without any support whatsoever. They are just as far behind on security updates and OS updates on many models as the official Android for that device, and take out your warranty etc. in the meantime.

      There's no business interest there for a reason. They'd end up with a bunch of LineageOS'd phones that were still out of date and couldn't be updated, but where several features of the phone didn't work at all, and they'd be "responsible" because the base Android could have supported them - so when are you going to fix it?!

      1. Adair Silver badge

        Re: LineageOS?

        Mmm, not sure I completely go along with your gloomy description of Lineage, although I have no doubt that for a certain percentage of devices what you say rings true.

        But, other experiences are available: my Oneplus 5T switched over to Lineage fairly painlessly, although there was a moment when it appeared to be a brick, but then some hours later miraculously wasn't. Putting that to one side there was no need to go through a painful process of defining and testing every single component/driver - the installation process (buttock clenching glitch aside) basically 'just worked'.

        I would never recommend installing Lineage, as it is currently offered, to anyone not reasonably IT competent and willing to kiss goodbye to the value of the target device. OTOH the process is not always difficult and the results, at least in my experience, are thoroughly worthwhile.

  3. Dave Pickles

    If the OS isn't supported, install one that is!

    I picked up my current daily-use phone from one of the second-hand sites for a quarter of its original list price and installed LineageOS.

    Taking unsupported phones off the second-hand market is just adding to landfill.

    1. Captain Hogwash
      Unhappy

      Re: If the OS isn't supported, install one that is!

      Great idea! I've used CyanogenMod/LineageOS and other custom ROMs since my first Android phone - the original Samsung Galaxy S. That was the phone that woke me up to so many problems such as long term support, e-waste, surveillance capitalism, etc. Since then I've ensured every new phone I bought could be immediately reflashed with CM/LOS as soon as it was out of the box. Unfortunately the vast majority of phones talked about in the article are not owned by Reg readers or those of a similar ilk. If I try and explain any of this to "normals" their eyes glaze over and they collapse as their bored brains take leave of their bodies. So sadly, most people won't even do what the article title says, let alone your suggestion, and the problems will continue.

    2. The First Dave Silver badge

      Re: If the OS isn't supported, install one that is!

      The second-hand sellers really aren't relevant at all to this problem - the lack of ongoing support applies just as much to first-hand phones.

  4. IGotOut Silver badge

    Not supporting updates?

    Chances are 75% of the Andriod phones in use don't either. All that removing them from the market does is give people the choice, pay more or take your chances on the likes of eBay, where it may be knackered or stolen.

    Rather than the likes of MM stop selling them, just say its no longer supported.

    Comment written on a phone bought 2nd hand from MM and hasn't had an update in years.

    1. tiggity Silver badge

      Re: Not supporting updates?

      Indeed,

      Once did an emergency purchase of a new cheapo android (existing phone expired) on holiday in UK so from a phone shop.

      The phone never received any updates (this was a ZTE, and cannot recall its android version but it was a few behind "current" at the time).

      Not an issue for me as when back home ordered a "proper" phone & emergency phone just used for calls & texts to family while on holiday so any security issues would not do much harm.

      I'm sure this was not an isolated case, probably lots of "new" stuff in shops that's quite old and been gathering dust and is out of support (or manufacturers CBA to support)

    2. DS999

      Re: Not supporting updates?

      Chances are 75% of the Andriod phones in use don't either

      Exactly. I don't know why they would consider this to be a big problem for used phones when the majority of the Android phones in use are no longer receiving updates.

      If there were places selling NEW phones that were already unsupported software-wise I would think that's terrible, but if they can't sell used phones that are no longer supported they'd have to throw most of their stock older than two years in the landfill.

  5. imanidiot Silver badge

    What's the point?

    You check it's supported today, tomorrow the manufacturer announced it drops support effective immediately (and the last update they pushed was 9 months ago)

  6. gnasher729 Silver badge

    With iPhones: The iPhone 6s is the oldest one that gets new OS versions (iOS 13). But older phones with iOS 12 are still getting security updates.

    And generally, it's nice if you get updates, but if money is tight, an older phone that isn't "supported" will usually still be working just fine.

    1. gnasher729 Silver badge

      I forgot: There is an article somewhere that some phone network will stop supporting phones with certain old hardware altogether. In that case, you are stuffed as far as phone calls are concerned. You still have an audio and video player, games console, photo and video camera, and with WiFi you can get on the internet and probably make calls somehow. So as long as you’re told, that old phone might still be useful.

      1. werdsmith Silver badge

        You mean phone networks abandoning 2G? That's car fuel makers abandoning leaded petrol.

        1. Jeffrey Nonken

          https://www.google.com/amp/s/www.houstonchronicle.com/techburger/amp/Once-the-first-useful-mobile-data-network-3G-is-15446398.php

          Also networks abandoning 3G.

      2. Anonymous Coward
        Anonymous Coward

        I suspect that, if certain governments have their way and force Apple to open iPhones to all and sundry, they will go the same way. As it is, old iPhones (back to 6S at least) get regular patches but I see Apple being forced to allow other app stores access - and then get complaints from users when their phones don't behave as intended.

        Apple is far from perfect but, insofar as privacy and security goes, their stuff is probably as good a the average punter will get. Expensive kit to buy at the start but it the overall cost of ownership (if you don't always chase the latest) is probably good value.

  7. Pascal Monett Silver badge
    Flame

    "beyond the predetermined lifespan of a product"

    And just what is the "predetermined lifespan" of a mobile phone ? Six months ?

    The only valid predetermined lifespan is the amount of time the hardware is supposed to be usable. For me, that is anywhere from 10 to 15 years - supposing your battery can be replaced.

    It is obvious that the makers believe that a phone's lifespan is the time until the person buys a new one, ie 2 years on average I'll guess. Which also means that the phone makers completely ignore the resell market. How nice.

    Well guess what : I have my Galaxy A3 since 2017 and I'm not changing any time soon.

    Phone support needs to update their update strategy.

    I have a cluebat to help.

    And if that is not enough, I propose a law that states that as long as there is one item still connecting to the network, the maker of that item is required to provide updates.

    We're not talking cars, we're talking everything electronic. You made it, you support it until the day nobody uses it any more. Don't come whining about cost - you sold it, you support it.

    1. Roland6 Silver badge

      Re: "beyond the predetermined lifespan of a product"

      >Which also means that the phone makers completely ignore the resell market.

      Just like the car makers, until they discovered lease purchase and realised that they could sell the same car multiple times over its life.

    2. Jurassic Hermit

      Re: "beyond the predetermined lifespan of a product"

      "You made it, you support it until the day nobody uses it any more. Don't come whining about cost - you sold it, you support it."

      Good point. I'm having trouble finding anyone to support my papyrus and abacus devices. Those bastard Ancient Egyptians just didn't care about supporting the users! I think I'll sue Mr Mubarak or whomever is in charge these days.

  8. Anonymous Coward
    Anonymous Coward

    for manufacturers to open-source old code

    this is not going to happen, unless they're forced by law. And even forced by law isn't going to stop them, unless backed by fines. And even fines aren't going to stop them, unless they're BIG fines. And even big fines aren't going to stop them, unless the process to apply those fines is quick. And the "quick" isn't going to happen (I know me intellectual rights and I have the finest lawyers to prove it. Over the next 10 years, in court).

    It would be a beautiful world indeed if both processes were tied together, i.e. the moment they stop supporting a handset, they're forced to release the code. In real world, fewer and fewer android handsets can be rooted (by willing owners, not by the 3-letter-agencies and other bad guys)

    1. gnasher729 Silver badge

      Re: for manufacturers to open-source old code

      I don’t know about Android, but on iOS devices you’ll need a signing key for any update to be accepted by the phone. And that is essential security, to avoid malware to be installed. Even older original iOS updated are not signed anymore, since hackers might have exploits against an older version which has since been fixed, and you don’t want them to be able to remove these fixes.

      Now if you had the source code for the last iOS version running on an iPhone 5 (that would be the newest iPhone without security updates), Apple isn’t going to hand you over signing keys. That would be madness. And how many people would be interested in a new version?

      1. werdsmith Silver badge

        Re: for manufacturers to open-source old code

        iPhone 5, a 2012 phone. I know there are some of them still in use as I've done a battery and a phone in them recently.

        1. Anonymous Coward
          Anonymous Coward

          Re: for manufacturers to open-source old code

          My teenagers use 5c's (2013 iOS 10) sourced from CeX. They've been reliable and easy to replace when screens get broken or batteries fail. Daughter's current phone recently survived being dropped into a lake...

    2. I ain't Spartacus Gold badge

      Re: for manufacturers to open-source old code

      You don't need fines. You simply give consumers the right of return on all goods not receiving updates purhcased within the last 5 years. That right is with the shop the goods were purchased from, and if bought by credit card in the UK, then the card companies are jointly liable.

      Then the phone companies and shops will have an incentive to only sell items with that guarantee - and thy're taking the risk of lack of support costing them a fortune if not.

    3. Mahhn

      Re: for manufacturers to open-source old code

      "this is not going to happen, unless they're forced by law."

      no, you are just giving dictators more control.

      Consumers drive the market, stop buying junk and they won't make it.

      So long as people will buy junk, companies will make it.

      This is your choice, and yes stuff that isn't cheep does cost more.

    4. MachDiamond Silver badge

      Re: for manufacturers to open-source old code

      Yeah, not going to happen. The latest version of Android is the last version of Android with more bugs and a flag that makes it not install on an older phone. The phone maker gets money for selling new phones and Google gets money from selling new Android licenses.

  9. Alan J. Wylie

    "most people are limited to cheaper models, which in general have a shorter time"

    Another instance of the Captain Samuel Vimes 'Boots' theory of socioeconomic unfairness.

  10. Packet

    Say what you will about Apple...

    But you have to give them this - they do not sell unsupported phones.

    I do find it legally contentious that any manufacturer can sell a phone without any support

    1. gnasher729 Silver badge

      Re: Say what you will about Apple...

      That would be used phones. Like an iPhone 4 from eBay, going rate about £40, which is not supported.

      1. Packet

        Re: Say what you will about Apple...

        I see your point - I misunderstood the 'used' / second hand aspect (mea culpa)

        So to start afresh, caveat emptor applies here - with the onus firmly on the buyer.

        However, the used phone would likely have limited usage scenarios - though from a security perspective, an Apple product would likely be less vulnerable than an Android device.

    2. Roland6 Silver badge

      Re: Say what you will about Apple...

      But all phone manufacturers do sell phones with support, just that the support is for product defects not software updates.

      Which? clearly have failed to understand the problem, namely the need to update the sales of goods act to include software updates (along with a consumer friendly method of checking for updates and installing.

  11. Hubert Cumberdale

    I like how...

    ...my Nokia 105 doesn't really have software to speak of. The buttons are beginning to wear off a bit now, though.

    1. Roland6 Silver badge

      Re: I like how...

      Unfortunately, the soft buttons on my Nokia 6310i have rotted and gone all sticky - looks like time for a clear out.

      1. Dan 55 Silver badge

        Re: I like how...

        There are replacement 6310i cases and buttons from your favourite online tat bazaar at reasonable prices.

    2. Thoguht Silver badge

      Re: I like how...

      I can assure you that it does have software. Even worse, many phones these days have 2 operating systems, one for the phone itself and a completely separate one that runs on the actual GSM chip (I know this because I had to help debug one once).

      1. Hubert Cumberdale

        Re: I like how...

        Yeah, but, I'll never be at much risk by not updating it... although I'd love it if they could update the predictive text to actually make sense of apostrophes.

      2. Dan 55 Silver badge

        Re: I like how...

        Don't know about the new Nokia dumbphones but the old Nokias (smart, feature, and dumb) only had one OS which did everything.

  12. The Dogs Meevonks

    This is why budget/mid range phones are normally better

    I try to take my security seriously. So that means checking out any vendors products before buying.

    My current phone is a Motorola One, it's got 3yrs of security updates and at least 2 OS upgrades... that should be good enough as I tend to keep my phones between 2-3yrs on average these days. I buy them new, or slightly used via Amazon warehouse... when I pay on average 25% under normal price. The maximum I've ever paid for a phone is £206... no contracts... no deals... I buy a phone and pay giffgaff £10 a month for unlimited calls/texts and 6gb data.

    There's no need nor reason to really have much more... the phone is quick enough, has loads of ram and storage and has an mSD cared slot so I've added an extra 128gb card to the 128gb onboard. It's more than enough room for the 150+GB of mp3's I have (average 192-320 bitrate).

    1. Hubert Cumberdale

      Re: This is why budget/mid range phones are normally better

      I can't argue. I agree with you. I even upvoted you. But I somehow find your impromptu specificity slightly unnerving.

    2. Roland6 Silver badge

      Re: This is why budget/mid range phones are normally better

      >My current phone is a Motorola One, it's got 3yrs of security updates...

      You are aware that the current version of this phone does not have Android One.

  13. David Pearce

    3 years from when?

    The Android 3 years is from initial product launch, so many are sold new with only a year or so support left.

    The original Motorola One came out in August 2018 so one year left, The Motorola One+ in June 2020

    1. Mike Moyle Silver badge

      Re: 3 years from when?

      At the very least, I think that software upgrade support should cover five years from the date that a product becomes generally available or three years from the date that the product goes off the market, whichever is greater. This should be required of the manufacturer and, if sold through a network provider, of that provider IF they alter or in any way change the manufacturer's software installation. That is: If $PhoneCompany makes their own installation of Android + bloatware (and/or "recommendation" popups suggesting that the user install their cruft), they are required to fully support their full software installation -- including their Android installation -- for the mandated time. Of course, if they DON'T make any changes from the stock Android install and don't require adding any bits and bobs later "to get the full $PhoneCompany experience", then they're off the hook and the responsibility falls back to the manufacturer.

  14. katrinab Silver badge

    It is worth pointing out

    That the iPhone 6 still gets security updates, just not feature updates.

    My Mid-2010 MacBook Pro still gets security updates.

    1. RM Myers Bronze badge
      FAIL

      Re: It is worth pointing out

      And my HP laptop from 2008 is running Windows 10 and still getting updates. If I so chose, I could also easily install Linux on this laptop (with the loss of one accessory I don't use anyway) and get security updates. My last two phones before the current one, both in the last 8 years - no way. No support from the vendors, and no alternative OS's for these models. The Samsung, in particular, only got just over 1 year of security updates.

      This is just a disgraceful waste of resources. EPIC FAIL.

      1. Roland6 Silver badge

        Re: It is worth pointing out

        >And my HP laptop from 2008 is running Windows 10

        Hope you still have a drivers disk (CD recommended).

        Encountered a problem with a bunch HP business desktops from circa 2012, they run W10 1909 just fine if they were upgraded from W7. However, on a few I did a clean install of W10 1909 and discovered that W10 1909 didn't include drivers for some USB and LAN chipsets widely used back then...

        1. RM Myers Bronze badge

          Re: It is worth pointing out

          Drivers has been the biggest issue. Currently, I'm on 1909 and have to use the Microsoft Basic display driver since neither NVIDIA nor HP, have updated display drivers. However, the MS driver supports the native resolution of the monitor (which is definitely not always the case), and I'm not using it for gaming, so this isn't a problem for me. Drivers are also the issue for Linux, but again there are, with one exception, drivers that will work but with reduced functionality, at least according to what I found on the internet when I was looking at that as a future option.

      2. Roland6 Silver badge

        Re: It is worth pointing out

        >And my HP laptop from 2008 is running Windows 10 and still getting updates.

        Hope you still have the original media and drivers disks...

        Upgraded a bunch of HP business desktops from circa 2012. Those that had a fully uptodate W7 install upgraded without problem to W10 1909 and continue to run. However, a small batch I tried doing a clean install of W10 1909, all went well until it couldn't connect to the LAN, then I discovered that 1909 didn't include drivers for certain USB and LAN chipsets that were widely used back then...

  15. JavaJester

    Expiration Date?

    A good first step would be to require the manufacturer to set an expiration date for when they will no longer provide patches for the phone. The manufacturer and seller would be required to prominently display this date. For starters, it should be required to be on the manufacturer's website, the box or other consumer materials (including ecommerce product information), and in the information section of the phone itself. In the event support is not provided up to the expiration date, the owner is entitled to a cash refund of the prorated amount purchase amount (up to the retail list price) remaining to the expiration date.

    This might motivate the ecosystem to make changes to allow say Google to support the phone by better hardware abstraction. Making this a more "in your face" issue may allow the market to do its thing by having longevity be something companies compete on.

    1. mark l 2 Silver badge

      Re: Expiration Date?

      I agree with this, it needs to be mandated that the buyer is clearly informed when software updates for the phone is going to stop before they purchase the device.

      If the buyer wants to then take the risk of buying a device which has short or no support then its their choice. I think it should also be required that manufactures release the boot loader keys on devices with locked boot loaders when they stop support them, so it is easier for the owner of the device to put 3rd party firmwares on such as LinageOS.

  16. MachDiamond Silver badge

    Hack my phone, please

    I just use my mobile as a phone with a couple of apps for my shopping list and calculating things. I even managed to get the carrier to shut off Text which I find a huge time waster more of the time than a useful feature. Mobiles are so easy to misplace or have stolen that I'd never put financial stuff on it. I make sure that any company I do business with that uses the number I am calling from as a form of ID has 2FA enabled. I was flabbergasted the first time a company told me that since my number was on file they could proceed with some transaction with no other verification.

    I so paranoid that I don't sign up for paperless billing, auto-pay or do my accounting on my phone. I find the old slow manual way of using my desktop and a paper workflow gives me lots of backup should a vendor insist I haven't paid when I did. It also slows me down so I look at things. I know people that have had a water leak that ballooned their bills for months without noticing since it was on auto-pay. The same things have happened to a few where a discontinued subscription or membership was still billed long after they cancelled. They just direct deposited their paycheck and set the bills up to pay themselves when due.

  17. Anonymous Coward
    Anonymous Coward

    In my day.......

    In my day, goods had to be "fit for purpose at time of purchase".

    A security issue or bug fix requiring an update therefore means the product wasn't fit for purpose, and must therefore be fixed, replaced, or refunded... None of this "1 year guarantee" bollocks.

  18. KorndogDev

    New kid on the block

    "A real Linux distribution for phones": postmarketos.org

  19. razorfishsl Silver badge

    Best phone i bought was a Nokia, virtually every month there is a core software update.....

    My Samsung , once purchased the only thing i got for 10 years was the finger....

  20. Anonymous Coward
    Anonymous Coward

    Great, thanks. They've just made it so much harder for people to sell their old phones.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020