December 28, 2016 By Douglas Bonderud 4 min read

Consumers love new technology. New iterations of iPhones or brand-specific Androids are embraced by devotees looking to analyze the latest features, dissect any potential flaws and conduct entirely biased comparisons to determine which device is best.

Beyond the high-profile advertising that accompanies emerging tech, however, is the underlying software update that typically addresses issues such as system performance, stability and security. But what does this mean for users who can’t or refuse to shell out for the latest versions of their devices? Is the increasingly rapid technology upgrade pace putting money-conscious consumers at risk?

The Device Decision

Five years ago, every new iPhone model came with a host of new features, such as Siri or the front-facing camera for selfies. Android manufacturers, meanwhile, developed their own specializations and began offering niche devices depending on user preferences. Some opted for high-end screens and resolutions, while others moved toward more rugged functionality and lower costs. But the evolution of technology has now caught up with consumer appetite, forcing device manufacturers to streamline their offerings and focus on smaller, quality-of-life improvements over flashy revelations.

While improved security doesn’t top the list of must-have user features, it has become a critical part of the mobile device discussion, especially as malware-makers improve their attacks and find new routes into victims’ smartphones and tablets. As a result, many companies are building in better security software to minimize the risk of compromise.

But users aren’t keeping pace. As noted by The Wall Street Journal, the device replacement cycle is lengthening. Owners are no longer looking to replace their smartphone in 12 to 18 months, instead opting for a two-and-a-half year turnaround. Lack of significant feature updates is one key reason for this shift, but cost also plays a factor, since many devices retail for $500 to $700 upfront if users want to avoid a contract. Add in the demise of the two-year phone agreement, and it’s no surprise that consumers with perfectly serviceable smartphones aren’t beating down the doors to grab the latest edition.

Even Apple’s move to a 12-month upgrade plan that saw customers leasing their phones directly from the tech manufacturer fell flat, since more than 75 percent of device owners now purchase their phones directly from wireless carriers. For these reasons, older smartphones are active longer as users wait for big upgrades and better deals.

Touchy Subject

The slower rate of replacement, however, does come with concerns beyond the bottom line of manufacturers. Most mobile producers roll out new software when they release new devices. This software often comes with a host of security tweaks and features. Some of these tweaks may be critical, but it is mostly a hodgepodge of potential vulnerabilities collected throughout the life cycle of the next most recent device. Does fewer users opting for upgrades mean reduced overall security?

Consider the recent addition of the press-to-unlock feature in iOS 10. As noted by CNET, traditional swiping left-to-right on the lock screen will only bring up cameras and widgets instead of activating TouchID or the PIN code screen. Now, users must hold down the home button — not too long or they’ll start a conversation with Siri, but just long enough for the device to scan a fingerprint and unlock.

Older versions of the OS don’t support this feature, meaning they’re out of sync with the most recent updates. In fact, very old iterations don’t support TouchID at all. What’s more, many users hate the new press-to-unlock feature, opting instead for the rest-to-wake alternative, which can be activated via the Settings menu. The result is a kind of fractured security experience: Some users have tapped the latest offering, some have modified it to suit their needs and others have opted to steer clear of the OS altogether.

The Android Alternative

Android, meanwhile, has its own set of issues. As noted by Recode, the use of Android OS versions supplied by chip manufacturers rather than Google itself has left some devices vulnerable to flaws such as Quadrooter. Meanwhile, Computerworld pointed out that the sheer number of device manufacturers in the Android space — there are more than 3,700 individual Android products available on the market — makes it difficult for companies to rein in security threats in a bring-your-own-device (BYOD) environment.

Android’s biggest security problems stem from platform variations. According to the official Android developer blog, just over 26 percent of devices were running the second-newest OS iteration, Marshmallow, as of Dec. 5, 2016. More than 30 percent still use some form of its predecessor, Lollipop, while 24 percent use the older KitKat version and upwards of 10 percent are running Jelly Bean from three software releases back. As a result, the task of pushing out security updates becomes a serious headache. Most won’t work across all versions, leaving entire subsets of the userbase without any way to reliably update and secure their devices.

Don’t Dodge the Latest Technology Upgrade

Historically the desire for newer, faster and flashier devices drove consumers to purchase mobile tech on a short cycle, making it easier for companies to roll out improved features and security. But with consumers now passing on the latest technology upgrade to save money or avoid specific changes — such as Apple’s unpopular press-to-unlock alteration — it’s harder to push out broad security updates. Simply put, sales no longer boost security, and efforts to force users to adopt mandatory updates haven’t gone over well.

Ultimately, there’s no easy solution here. Smartphones have reached parity across the board, and users are more critical of new offerings than ever before. It’s time for device manufacturers to make software more compelling. If newer versions are tied to the latest and greatest devices and offer a transformative user experience, consumers might be persuaded to upgrade more frequently.

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today