Germany wants phone makers to offer 7 years of security updates

Even the EU isn't currently asking for as much.

Your current phone might get security patches for several years to come, at least if Germany has its way. C't reports the German federal government is pushing the European Union to require seven years of security updates and spare parts for smartphones as part of negotiations with the European Commission. That's two years longer than a recent Commission proposal, and would effectively give phones a more computer-like support cycle.

Both proposals are unsurprisingly facing pushback from manufacturers. The industry advocacy group DigitalEurope (which counts Apple, Google and Samsung as some of its members) wants a requirement for just three years of security updates, and wants to limit spare parts to screens and batteries rather than cameras, speakers and other components that are supposedly more reliable.

DigitalEurope is effectively arguing for the status quo, in other words. While Apple typically delivers five years of regular feature and security updates, many Android vendors stop at three or fewer. Samsung only committed to four years of security fixes in 2021. Some of this has been dictated by Qualcomm's update policy, but it's clear the brands themselves are sometimes reluctant to change.

This extended support might become crucial. The EU's proposal, potentially in effect by 2023, is meant to help the environment by letting you keep phones for longer. They'd stay protected and functional for roughly twice the 2.5 to 3.5 years you see today.

However, this could also be vital for bolstering mobile security as a whole. Just over 40 percent of Android users are running 9.0 Pie or earlier, according to StatCounter's August 2021 usage share data — a large portion of mobile users have devices that either stopped receiving security updates or are close to losing them. Longer support periods could prevent attackers from targeting old phones that, at present, have been left permanently vulnerable to exploits patched in newer software.