The cost of privacy: 3 years support for high-end Samsung phones, but what about the rest?

Samsung now offers 3 years of support for their most expensive models, but cheaper phones are still left out of the equation.

Key points
  • We challenge Samsung to provide updates to all their customers, including those with the cheapest devices not just their flagship models, for at least 3 years.
  • Manufacturers such as Samsung should provide clear details about how long they anticipate they will support devices at the point of sale, so consumers are informed when their devices will no longer be supported.
News & Analysis

Samsung has announced that the company will commit to providing major software updates for three generations of the Android operating system, but only for its flagship models: the S10, S20, Note 10 and Note 20.

From our reading of the available information, this means that these models will be getting support, including the latest operating system, features and security updates, for three years (as new Android operating systems are released every year).

While this is welcome news, it only applies to Samsung’s top models and most expensive phones.This benefits whoever owns those specific models, which retail at between £650 and £1,179, but not the rest of Samsung’s customers. It’s disappointing that Samsung is not rolling out the same security updates for it’s cheaper models.

Privacy is becoming a luxury that is not offered to people who can only afford cheap phones. And it must stop.

Our case study of the MyPhone, obtained from the Philippines for USD$19, shows how data exploitation and poor security is often built into these devices. This is an unacceptable cost to bear for a device that people rely on and trust to keep their personal data safe.


Privacy International and over 50 other organisations have submitted a letter to Alphabet Inc. CEO Sundar Pichai asking Google to take action against exploitative pre-installed software on Android devices.

MyPhone is not a random manufacturer that happens to be using the open source Android OS, but an official Android certified partner. PI, along with several other organisations, is currently pressuring Google to take action against this kind of exploitation in Android certified devices. Google should refuse to certify a device where manufacturers or vendors have attempted to exploit users in this way, while making use of the company’s credibility.

Our demands are not without echos, the Android users community has stepped forward to demand that Google provide 5 years of support and updates for their Pixel phones. The hope is that, if Google takes this step, other phone manufacturer’s will follow their lead and extend product support for five years.

Google was the first company to commit to three years support for their pixel phones, and Samsung’s announcement only follows this precedent.

“We thought three years was great because nobody else was offering it. In hindsight, we shouldn’t have looked at it this way. Google controls Android and its update cycle, and in this regard, it has no competition. Google offering only three years of updates for a phone whose software was written by another part of the company is actually ridiculous.”
Jerry Hildenbrand for Android Central

While this is a move in the right direction, and other phone manufacturers should follow their lead in extending support for a minimum of 3 years, companies need to make sure these safeguards are in place for all their models.

Keeping current with system updates is the single most important thing a company can do to keep your phone safe and performing at their best. Software updates are important because they often include critical patches to security vulnerabilities. In fact, many of the more harmful malware attacks we see take advantage of software vulnerabilities in common applications, like your operating system. These programs require regular updates to keep safe and stable.

We’ve seen many low cost android partner phones that are being sold with out of date versions of the Android Operating Sysytem, that are filled with serious known vulnerabilities, which have been patched in subsequent versions.

So while this is a welcome first step, PI is not impressed by Samsung’s announcement. Even though providing support for some models is better than no support for any model, the announcement is still deeply elitist.

It is ultimately a public acknowledgment that cheaper phones don’t deserve the same high security and privacy standards as more expensive device. Device manufacturers need to provide decent support for all their phones to ensure the security and privacy of all their users, these necessities should not become a privilege. Samsung should be making these commitments for all the devices it manufactures and sells. Updating and patching shouldn’t be dependent on the price tag of a product.

This isn’t a Samsung specific problem - too many phone manufacturers think that people that buy their cheaper phones deserve less privacy and less security than people who buy their most expensive models. This is simply untrue. Privacy and security are a minimum standard not a luxury add-on.