Pre-owned mobile phones offer a sustainable solution to a growing electronic waste problem but as many as three in 10 mobile phone models for sale on second-hand sites could be at risk of being hacked because they are no longer supported by the manufacturer, according to a new Which? investigation.
Consumers who want to make a sustainable choice or who don’t want to pay the steep price of many modern premium mobile phones may want to choose a pre-owned, refurbished version instead. Keeping devices in circulation in this way helps the environment, but with some phones losing important update support after a little over two years, this leaves future owners potentially using unsecure devices.
In a survey, the consumer champion found that most respondents (62%) said that they think a mobile phone is broken down for parts when it is sent for recycling, but in an investigation Which? found most phones are actually resold.
Looking through the listings on three popular mobile phone recycling websites, Which? found all were reselling mobile phones that, unknown to customers, are vulnerable to hackers because manufacturers can stop providing vital security updates after a couple of years.
Some of the phones being resold that are no longer receiving security updates include the Apple iPhone 5, Google Pixel XL, Huawei P10, Samsung A8 Plus (2018) and the Samsung Galaxy S7.
Which? found that almost a third (31%) of the mobile phone models on sale at second-hand goods chain CeX could be vulnerable because they are no longer supported by security updates.
This also applied to a fifth (20%) of the models Which? found on Music Magpie and one in six (17%) on SmartFoneStore. Both told Which? that these only accounted for a very small percentage of sales.
In response to the Which? investigation, Music Magpie has removed the unsupported devices Which? found from sale. It also says that going forward, it will provide information to consumers if a product is no longer receiving security updates.
SmartFoneStore also issued an update, adding a warning on unsupported devices so consumers are aware before they buy them. CeX did not provide a comment.
Recently out-of-support devices might not immediately have problems, but without security updates, the risk to the user of being hacked is increased. Generally speaking, the older the phone, the greater the risk.
The lack of robust, sustainable solutions for the disposal of mobile phones is an ongoing concern. With effective options in place to resell pre-owned devices, the potential is there to prolong their lifespans – but until manufacturers offer complete transparency about how long devices will be supported, and those offering only a couple of years of support do better, it is more difficult to take advantage of these services without putting consumers at risk.
Kate Bevan, Which? Computing editor, said:
“Keeping mobile phones in circulation for longer is better for the environment but it shouldn’t come at the cost of customer security. Unless manufacturers become more transparent, and those offering vital updates for only a couple of years do better, there is a risk that second-hand phones will be vulnerable to hackers or end up dumped in a landfill site.
“If your mobile phone is no longer receiving security updates you should consider upgrading as soon as possible. While you continue to use an out-of-support device, you must take steps to mitigate the risks – including using mobile antivirus software, managing app permissions and only downloading from official stores.”