The best phones you can buy right now all come with top specs, a plethora of features and pro-level camera systems. But these flagship handsets, like the iPhone 16 Pro and Samsung Galaxy S25 Ultra, also demand a lot of cash if you want to slide them into your pocket. It’s no surprise that many of us look toward more affordable options instead of opting for the latest model. You can save a bundle by looking toward used or older devices. After all, older hardware is usually fully capable of handling what you need it to, and it’s more environmentally friendly to keep using phones for longer, rather than sending them to landfill.

But while these old smartphones might be cheaper, they may not be safe to use, especially if you bought a used phone that’s more than a few years old. The problem is that older phones might run outdated versions of Android or iOS, which means they often don’t have critical security updates that can keep you and your data safe. 

If you’re concerned about security and privacy — and you should be — here are some things to consider.

Read more: Make Your Phone Last for Years With These Easy Tips

What is a security patch for a phone OS?

Hackers are constantly looking for cracks and holes in your phone’s software to exploit. Whenever hackers discover a new hole, phone-makers usually get it fixed, and that fix is sent out to your phone to make sure that nobody can take advantage of it. That’s a security patch. You’ll likely have received plenty of them over time as cybercriminals are always trying to find new ways to circumvent the security on your phone.

It’s a continual game of cat and mouse, with hackers finding holes and software providers patching them up. And on the cycle goes. Most of the time, you’ll never know about it, but it’s the thing that’s keeping your phone up to date and protected against known threats.

Why do manufacturers stop sending out security patches?

All manufacturers including Samsung, Sony, Google and OnePlus only provide support to a phone for so long. Each new handset that’s released and each new version of Android requires new threat assessment and patching. That’s a lot of work, and it means that finding and patching those holes for every single handset spanning years and years just becomes unfeasible.

As a result, Google and the phone-makers eventually have to cut off support for older handsets. Those handsets then will no longer receive security updates, meaning that when a threat is detected on that phone, it simply won’t be fixed.

So is using an out-of-date phone safe?

As Christoph Hebeisen, director of the security intelligence company Lookout, explained, «We do not consider it safe to run a device that does not receive security patches. Critical security vulnerabilities become public knowledge every few weeks, or months, and once a system is out of support, then users who continue to run it become susceptible to exploitation of known vulnerabilities.»

According to Hebeisen, a vulnerable phone could allow full access to everything that’s on your phone, including your personal and company emails, contact information, your banking details or audio of your phone calls. A hacker could continue to have access to this information for as long as you continue using the compromised handset.

Read more: Best Portable Chargers and Power Banks for Android Phones

How do I know if my phone is too old?

Finding out if your phone is still supported and receiving security patches often isn’t straightforward. To start, go into Settings and check your software updates. Install the latest version that’s available. Usually it’ll give you some indication of when the phone was last updated. If your phone says it has the latest OS software, but that latest version was installed many months or even years ago, it’s bad news. Your phone is probably no longer supported.

Sadly, manufacturers don’t give you a warning that tells you when they’ve dropped support for a phone, so you either find out through a rude awakening like I mentioned above, or figure it out yourself through some other means.

Previously it was common that phones may only be supported for a few years, but thankfully most companies — including Google and Samsung — have upped their game, offering support for at least seven years on their recent generations of phone. Google’s latest Pixel 9 and 9 Pro will still be safe to use into 2031, while Apple’s iPhone XR, released six years ago, is still compatible with the latest version of iOS. Companies such as Fairphone take that even further, promising at least eight years of support, while even budget phones like the Nothing CMF Phone 2 Pro come with six years of support.

But longer support periods have been something of a recent trend so if you’re buying an older-generation phone on the used market, it’s possible its support period may be shorter, and may even be out of support already.

Finding out if your Android phone is supported will involve some digging. Samsung sent me its list after I contacted its PR team, and it’s available online here, and while it makes it clear which phones are currently supported with updates, it doesn’t say for how long those updates will continue. Google has a page that clearly tells you when your Pixel or Nexus phone will lose security support. (Spoiler alert: All Nexus and Pixel phones up to and including 2021’s Pixel 5A are all out of their official support periods.)

Your best place to start is with the support pages on your phone manufacturer’s website. You might not notice immediately if your phone is out of date. The most obvious sign you’re on old software might be when you look for new apps to download. Many apps will simply be incompatible due to the software and hardware limitations on your phone and you won’t be able to install them.

How can I tell if my phone has been hacked?

Whether you’d ever notice if your phone’s security was compromised is difficult to say. Cybercriminals don’t exactly make it known they’ve accessed your device, so you’ll need to look for signs. Popups that might appear on the phone are a big giveaway, as are any apps that suddenly appear that you didn’t download.

Also watch out for unexplained high data usage, as it could be that malicious apps are using a lot of data in the background. Other indicators can also include unusually high battery usage and sluggish performance, but both of these can also be attributed to using older hardware that degrades over time.

Read more: Best Android VPNs

How can I keep myself safe if I have an old phone?

As Hebeisen says, the best way to keep yourself safe is simply to not use a phone that’s no longer supported. If you’re short on money, can’t afford to upgrade just yet or you’re using an older phone temporarily for whatever reason, there are a couple of things you can do that could help.

First, you should make sure the phone has the latest software installed. If you bought it used, make sure to fully factory-reset the phone. Ensure that you only download apps from the Google Play Store (rather than from third-party or unofficial app stores) and certainly avoid installing apps by downloading the APK file from a website. This can often be a way that malicious software weasels its way into a phone.

You can help protect your personal information by simply not giving too much away in the first place. Don’t do any banking on the phone, don’t sync your company email accounts and don’t send sexy pictures or have sexy video chats until you’re back on a protected device. (Even over a phone, it’s important to practice safe sex.)

According to Hebeisen, if you don’t take such precautions, «this might enable an attacker to observe and manipulate almost everything happening on the device.» That’s a cold shower, right there.