The German federal government has approached the European Union with an initiative to oblige mobile phone manufacturers to release software security updates and ensure the supply of spare parts for seven years. This is two years longer than previously proposed by Brussels itself.
With a mandatory five-year security update cycle, smartphones would essentially be on par with full-fledged PCs. As expected, neither initiative has met with support from the manufacturers themselves. DigitalEurope, which includes Apple, Google and Samsung, is proposing a support period of just three years. In addition, manufacturers want to keep only displays and batteries on the list of mandatory spare parts, believing that components such as cameras and speakers are less vulnerable. Simply put, DigitalEurope is not interested in such changes.
Today, Apple has the longest support period for its products, already 5 years, while manufacturers of Android devices are traditionally limited to 3 years. It was only in 2021 that Samsung extended the period for releasing security updates for its products to 4 years, and this was done solely due to Qualcomm's update policy.
The European Union's initiative may gain the force of law by 2023, and it is driven not so much by concern for consumers as by the environmental agenda: phones simply have to work longer. If the relevant law is passed, the lifespan of mobile devices could practically double; today, manufacturers offer an average of 2.5 to 3.5 years of support.
Still, this initiative can have a positive impact on mobile security as a whole. According to StatCounter, in August 2021, 40% of Android users were running Android 9 Pie; that is, a very large proportion of devices either no longer receive security updates or are very close to losing them. Longer support periods will make things harder for cybercriminals, who often launch attacks using known vulnerabilities in legacy devices.