Yet Another Cycling Forum

General Category => The Knowledge => Ctrl-Alt-Del => Topic started by: fruitcake on 03 August, 2019, 06:40:53 pm

Title: Risks of using an unsupported phone. Educate me about this.
Post by: fruitcake on 03 August, 2019, 06:40:53 pm

I'm trying to get some clear info on the types of risks associated with using an old smartphone whose OS is no longer supported. The phone would be used for calls, SMS and for reading emails received at a paid-for email account (to be accessed via the phone's email client with IMAP). Those emails would be received via 3G and via wi-fi at a workplace. (EDIT to add: Email hygiene rules would apply on this device, i.e. ignoring attachments, ignoring links, ignoring unknown senders.) No other functionality of the device would be used. No web browsing.

I've heard various opinions. Some say 'it's OK as long as you don't use the web browser', others say 'it's unsafe to use an out of date phone'. I've found it difficult to find info on exactly what the risks are for this use case. The candidate phone is a Samsung Galaxy Ace (running Android), but I would value generic advice since other handsets are potential candidates (and I assume each of these is no longer getting OS updates).

I understand that a smartphone is a computer and that any computer is vulnerable to viruses and spyware after the OS has reached end-of-life. Is this mitigated by not using the web browser? Does the use case outlined above (calls, SMS, email client) mitigate the risks? Or is there more to it that this?
 

Title: Re: Risks of using an unsupported phone. Educate me about this.
Post by: hubner on 03 August, 2019, 09:05:48 pm

Quote

...any computer is vulnerable to viruses and spyware after the OS has reached end-of-life.

It would be more accurate to say that an os that is out of support won't get any patches for newly discovered vulnerabilities. Any OS is vulnerable to viruses and spyware at any time.

I still sometimes use laptops running Win XP or Ubuntu 12.04 (from 2010 I think) and it doesn't bother me the slightest.

I've got a Samsung Galaxy S (the first one, 2009 I think) but the browsers on it hardly work now. So I also carry a Motorola E3 (2016) as a mini computer but not for calls, the phone is on a factory reset with no OS updates.

No web browsing would lessen the risks but emails can install malware.

Title: Re: Risks of using an unsupported phone. Educate me about this.
Post by: fruitcake on 04 August, 2019, 09:12:50 am

Quote from: hubner on 03 August, 2019, 09:05:48 pm

...an os that is out of support won't get any patches for newly discovered vulnerabilities. Any OS is vulnerable to viruses and spyware at any time.

Yep. Good clarification.

Quote from: hubner on 03 August, 2019, 09:05:48 pm

...emails can install malware.

Good point. 'Email hygiene rules' would apply in this case. (i.e. not opening messages from unknown senders, not opening attachments, not following links.)