Android Security Question

[rdpinr]

Hello. I have a question for those with experience in cybersecurity. I have selected and ordered a factory refurbished Samsung S21 Ultra phone, but at this time, I am still using my Samsung S9+ that I purchased in 2018. I enjoy the conveniences of technology, and I do well over 90% of my banking and financial transactions with my phone using various banking and credit card apps, including Samsung Pay. I never connect to public wifi because I never have any cellular data problems. If I DID need to connect to public wifi, I have free Proton Mail VPN installed and ready to use.

So, I just learned yesterday, (by accident, actually), that Samsung stopped supporting the S9. I checked my phone's update history, and sure enough, I haven't received a security update in almost a year.

I know that this is not a good thing, and you now have an idea as to how I use my phone. Is this something I should be seriously concerned about, or is it not that big of a deal?

The main reason why I ask is because the S21 Ultra is Samsung's 2021 model (I know you knew that!). It's factory restored, but that doesn't change the fact that the model is going on two years old now. I'm wondering that if Samsung stopped updating the S9 after about four years, will they stop updating the S21 in around two years? I want a nicer phone for the premium features, but at the prices they cost, I REALLY want to be comfortable using it longer than two or three years, like I have done with my S9+.

Thank you for your advice.

 

[AugieTN]

Eligible Galaxy devices include with four years of One UI and five years of security updates[1]: Galaxy S Series: Galaxy S22, S22+, S22 Ultra as well as Galaxy S21, S21+, S21 Ultra, S21 FE and upcoming S series devices.Sep 2, 2022

https://news.samsung.com/us/samsung-galaxy-os-upgrade-one-ui-android-unpacked-2022/

 

[Hadron]

I don't have a problem with using a phone for a year or more after the security updates stop (I tend to use them until the hardware dies, but as that's typically 4-5 years it's usually only 1-2 years after updates stop). Of course if a nasty bug is uncovered and they still don't patch it there might be a point at which I'd be concerned, but it would depend on what the particular bug was and how it could be exploited.

Having the most recent security patches doesn't make you immune from all risks, and whatever the status of your software the biggest risk factor is the user's behaviour. So a user who is fully patched but uses random hotspots for financial business, clicks on links in texts that claim to be from their bank, or installs "free" copies of paid apps from pirate sources, will be at far more risk than someone whose phone is years out of date but is sensible about their actions.

 

[rdpinr]

Thank you for the replies. I must have misunderstood what I read yesterday, because I just read on Wikipedia that the S9 was released in 2018. So, that would indicate that there are at least a couple more months until it is officially five years old. Then again, maybe not, because I see that S9 is not among the models of phones that AugieTN listed in his post. However, S21 is.

So, if the S21 is from 2021, it is scheduled to receive security updates until 2026.

Hadron, I see that you are a "VIP Member", so I am trusting that you are quite skilled in IT, and I feel comfortable taking your advice. Add a year+ to 2026, and I'm well into 2027. I have no problem with that. I already knew, and I avoid all of the bad practices that you brought up in your post.

I feel satisfied that my questions have been answered, and I say "thank you" again.

 

[Fox Mulder]

The S9 wasn't on the same update schedule as the newer devices so it stopped getting updates sooner.
I'm still using mine and I'm not particularly worried about it, as stated it's as much about the user as the device.

 

[svim]

I'd be cautious but only somewhat worried your Galaxy S9+ isn't receiving those monthly security patches any longer. Keep in mind that even a new flagship model that's fully-patched is still vulnerable to getting 'hacked', it's just a matter of degrees comparing your phone to a new one. For the most part the weakest link with any phone's security is us. People and the dumb things we do are the most common problem. And going by your description you already approach your online interactions with a good amount of caution.
So it's a bummer that Samsung dropped supporting your S9+, and it's a travesty that while Google continues to release those monthly patches the manufacturers and the carriers have really failed at what they insisted on controlling years ago, but one good point in your favor is most third-party developers will continue to support and update their apps a lot longer. When you're doing something with your bank account, it's the bank's app on your phone that's directly interacting with the online service managed by your bank, and your phone only incidentally via networking/online connectivity. Even if monthly security updates have ceased, keep up with the app updates through the Play Store app.

 

[rdpinr]

Thanks for the additional comments. Fox: So you're still using an S9, too? Aren't they an awesome phone? I really enjoyed my years with mine, and I am going to really miss it. I'm really going to miss the fingerprint right in the middle of the back. It was so natural to me, because that is exactly where my index finger would be.

And svim, you made a really good point that never occurred to me. B of A... Citibank... Lending Club...US Bank... etc.etc... All of those apps are updating so often that it's almost annoying, right!?! Thank you for pointing that out!

 

[Hadron]

Hadron, I see that you are a "VIP Member", so I am trusting that you are quite skilled in IT, and I feel comfortable taking your advice.

Actually you can pay for VIP membership, so I don't know that I'd assume it means anything .

However most VIP members you'll see around are former (volunteer) staff here, which is sort of how I got mine. It doesn't mean that I'm more skilled than some of the other contributors to this thread though, I'm just speaking from my experience (and @svim makes the point I should have added, that app updates are also important).

 

[rdpinr]

Thank you for the quite honest (and, in my opinion, admirable) reply. I will keep that in mind.

In fact, I was thinking about what svim said. Bank of America is so hardcore when it comes to security, I bet that their app wouldn't even open on my phone if there was something wrong with it. (Something known, but unpatched, I mean.)

 

[beetecaste]

Thank you for the replies. I must have misunderstood what I read yesterday, because I just read on Wikipedia that the S9 was released in 2018. So, that would indicate that there are at least a couple more months until it is officially five years old.

 

[Hadron]

Thank you for the replies. I must have misunderstood what I read yesterday, because I just read on Wikipedia that the S9 was released in 2018. So, that would indicate that there are at least a couple more months until it is officially five years old.

It would, but Samsung never promised 5 years' updates back when the S9 series was released: they have increased the support period for the Galaxy s series since then. I believe that back when the s9 was released it was 4 years, which is admittedly still better than many manufacturers do.