Is it safe to use your phone after it stops getting security updates?
It's a good question with a complicated answer.
I write a lot about mobile security and privacy issues because I am passionate about it — you do the things you like to do any time you're able. I wish all the bad actors in the world would disappear in a ball of fire, but since that's not going to happen, the next best thing is that we all start to take our privacy and how secure our digital life is a little more seriously.
To be clear, I am not a cybersecurity professional — I'm a former electrical and R&D engineer who now writes words about tech. But I know enough to listen to the people who do this stuff for a living and pay attention to what they have to say about it all. I try to follow their advice, and you should, too.
One of the web's longest-running tech columns, Android & Chill is your Saturday discussion of Android, Google, and all things tech.
One of the things most of us don't take seriously enough, but those security professionals always recommend, is to keep our phones, tablets, and computers updated with the latest security patches. That's great when your device is supported, and you can click or tap a button, and it happens. Eventually, though, the companies who make our gadgets stop caring about them and no longer provide those essential updates.
I got an email from a podcast listener about that this week and realized that it's a thing nobody talks about.
"I currently have a Pixel 5 which will no longer be receiving security updates this fall, and my family members also have Pixel 3a phones that are no longer going to be receiving the security updates soon. What is your advice for these devices? Is it fine to keep using them as long as we keep our apps updated, or is it time to get a new phone?"
There isn't one good answer to this question - there are several, and none of them are really definitive except for one: Stop using it and buy a new phone.
I hate that answer for several reasons. Not everyone is in a financial position to buy a new phone. If your current phone still works great, sending it to be recycled or letting it end up as e-waste seems silly. And you can keep using it if you are either very knowledgeable or very careful.
Doing it yourself
Some phones can be completely unlocked so we can install a new operating system on them. Android enthusiasts call these custom ROMs, but they really are a complete OS in their own right — they just happen to (usually) be built using Android as the base.
Nexus phones were basically designed for this, and Pixel phones will work once you've jumped through a few hoops. Other manufacturers make phones that can be unlocked the same way, even Samsung. You can find many good phones for rooting and ROMing.
The problem here is you're still depending on someone else to keep you updated unless you have the knowledge to do this yourself. If you're familiar with writing code or compiling software from source it's not difficult to learn, but for a lot of people, it's a hurdle they can't jump. I get that and won't come out and say how easy it is and you should just go for it. It's not easy for everyone.
Can you be careful enough? (Probably not)
The other alternative is almost as difficult and equally full of unknowns — be careful. This means not clicking links that you can't 100% trust, not installing any apps without getting them from Google Play, staying away from shady websites, and even things like not opening documents or images unless you 100% trust whoever sent them to you.
This really isn't practical, and the only way to have 100% safe habits is to stay offline, which is not very productive and no fun at all. There's no real reason to have a smartphone if you aren't connected.
Technically though, you can do it even if it's not practical and/or fun, so it's another way to keep using a phone that has known exploitable security holes in its software.
It all comes down to one thing — can you take care of the problem yourself? If you can or think you can, either by rolling your own OS with the patches in place or by exercising an appropriate amount of caution (more on that in a bit), you are fine to keep using your gadget until it falls apart.
If you can't, the only real answer is to buy a new one.
How "real" are security issues?
100% real. That doesn't mean what you think it does, though.
Very few people actually get their phones hacked. Security exploits are found by people who get paid to do nothing but look for them or by very smart people who have a keen interest in the subject. Most of the latter are good people who will inform whichever company can fix it so it gets patched in the device software.
They also usually keep it quiet until it gets patched. That means some random idiot who wants to cause trouble has to know how to find this sort of thing on their own. There are a lot of random idiots who are able to find these sorts of issues and are very smart, but the number pales when you compare it to how many gadgets are out there and how many people use the internet.
What I'm saying is they do exist and can be really sneaky, so you'll never know you're being hacked, but you're not very likely to come across them. People trying to phish your Gmail or PayPal password are plentiful because that's easy — make a fake website and send an email to a gazillion people to see who bites. Writing and implementing code exploits is not easy, and that weeds out most of the people who would love to mess with your stuff.
What I do
I've never used a smartphone long enough to reach its end of life, partially because of what I do for a living, but also because most phones aren't designed to be useful for that long. Phone makers build cheap products, and software advances so fast that you almost need stronger hardware every two or three years.
That's slowly changing, and my habits are changing along with it. I use a Google Pixel 6 Pro. I like it, and it does everything I want a phone to do, so I don't want to spend hundreds of dollars on a new one. I might have to because the volume button is broken, but if I can fix it, I'll use it until it stops turning on. A Pixel 8 or Galaxy S24 isn't going to offer me anything that I need enough to buy one.
My Pixel 6 Pro will stop getting security updates in October 2026, and then I have to decide what to do. I already know my answer — I'll buy a new phone.
Not because I can't build my own version of Android and update it myself every month. I could do that, but I don't really want to. I also don't want to worry about everything I tap or look at, even though I know the odds of getting hacked are actually pretty slim. I'm cheap and hate spending money, but I'm also too lazy and too busy to futz around building my own OS.
Thankfully, phone makers are wising up and offering to keep their new models updated much longer. When you have to buy a new phone, make sure you check to see how long it's supported.
Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.
-
davinp
This is a big problem with Android phones. Since Google lets the manufacturers control the updates, they chose to stop updating phones after a certain amount of time. Each has their own update policy. Too bad we don't have an Android Update the way Windows has Windows Update so that we could go and download patches when they come out.
I don't like that Motorola stops providing security after the phone is 2 years old. The Moto G Power 2021 came out in early 2021 and the last security update it received was Feb 2023. But the Samsung Galaxy A32 5G which came out at the same time is getting security patches through 2025. The minimum should be 3 years as we should not have to buy a new phone every 2 years.
-
Daniel Gomes
Yes you can still use your phone after security updates. Most security exploits are minor and never actually seen in the wild. Android is by far the safest mobile operating system already thanks to Google going to great lengths to make Android security robust.
Unless you're a very high profile person who is the target of hackers, you can safely use your device for years to come.
The battery will wear out far earlier than your security will.
-
Mchangila
Is it safe as well to use a third party security solution.. I'm on a Pixel 5 as well and I love the phone for its simplicity and form factor.. but I use Bitdefender for Android as well (the paid version of it).. am I safe??
Daniel Gomes said: "Yes you can still use your phone after security updates. Most security exploits are minor and never actually seen in the wild. Android is by far the safest mobile operating system already thanks to Google going to great lengths to make Android security robust. Unless you're a very high profile person who is the target of hackers, you can safely use your device for years to come. The battery will wear out far earlier than your security will."
-
fuzzylumpkin
Using BitDefender on your Pixel 5 should be both totally safe and totally pointless.
Mchangila said: "Is it safe as well to use a third party security solution.. I'm on a Pixel 5 as well and I love the phone for its simplicity and form factor.. but I use Bitdefender for Android as well (the paid version of it).. am I safe??"
"safe" is a relative term... But your use of BitDefender won't impact how "safe" you are, either negatively or positively.
-
mustang7757
I think you should. Can you get away with it? Possibly, if you avoid shady sites and don't download APKs from non-trusted places, but you're still vulnerable to the latest attacks that won't get patched.
-
NeilPeart
For those that really care about security there is GrapheneOS - that is a much more secure version of Android that supports all current Pixel devices, and even devices Google stopped supporting (Pixel 4/4XL).
https://grapheneos.org/releases
I have a OnePlus 6 and 7T in my family's rotation and I installed LineageOS on those devices to keep them going once OP stopped providing updates for them (currently running LineageOS 20, based on Android 13).
https://www.lineageoslog.com/
Personally I'll continue using Pixels and upgrade every few years or so, and always ensure 4 things:
1. Latest Android version (device/manufacturer/ROM-dependent)
2. Latest Play System updates (Google-dependent; seems to be perpetually a month behind)
3. Latest Play Store updates (and updating the store itself via settings)
4. Use Chrome or a browser that maintains version parity with Chromium (example, Kiwi and Vivaldi keep up-to-date with Chromium versions while Samsung Internet is nearly 6 months behind Chromium versions). The latest Firefox with extension support is something I will be testing as well.
-
cuvtixo2
I had a Pixel 3 and, if I remember correctly, they (or their predecessor called CopperheadOS?) dropped OS support right when Google did, and all the Pixel 4s except the 5G model are on special "extended support". I'm glad you're happy with this alternative, but they're highly dependent on Google for Pixel models. And their attempt to build a commercial CopperheadOS company failed with a bit of drama. If they get it running on one or two more models from different companies, I'll look back into it.
NeilPeart said: "For those that really care about security there is GrapheneOS - that is a much more secure version of Android that supports all current Pixel devices, and even devices Google stopped supporting (Pixel 4/4XL). I have a OnePlus 6 and 7T in my family's rotation and I installed LineageOS on those devices to keep them going once OP stopped providing updates for them (currently running LineageOS 20, based on Android 13)."
-
Windroid 2483
Considering how many Android phones don't get security updates promptly (if they get security updates at all), the question becomes "Is it safe to use Android?".
-
Jack_Howlett
It's not as safe as it once was, but it's not necessarily dangerous either. Phones stop getting security updates eventually as companies focus resources on newer models. Just be aware of some increased risks. Without updates, your phone will no longer receive fixes for newly discovered vulnerabilities. Over time, hackers may figure out ways to exploit older unpatched software. So your phone is more at risk of malware, hackers, etc. compared to phones still receiving updates. However, most people don't tend to directly experience issues. Phones aren't automatically hacked just because updates stop. If you stick to downloading apps from official stores and use common sense online safety habits, the risks remain relatively low for normal usage.
AC News said: "Once your phone reaches its end of life and it stops getting updates from the company that made it, should you stop using it? Is it safe to use your phone after it stops getting security updates?"