Consumers love new technology. New iterations of iPhones or brand-specific Androids are embraced by devotees looking to analyze the latest features, dissect any potential flaws and conduct entirely biased comparisons to determine which device is best.

Beyond the high-profile advertising that accompanies emerging tech, however, is the underlying software update that typically addresses issues such as system performance, stability and security. But what does this mean for users who can’t or refuse to shell out for the latest versions of their devices? Is the increasingly rapid technology upgrade pace putting money-conscious consumers at risk?

The Device Decision

Five years ago, every new iPhone model came with a host of new features, such as Siri or the front-facing camera for selfies. Android manufacturers, meanwhile, developed their own specializations and began offering niche devices depending on user preferences. Some opted for high-end screens and resolutions, while others moved toward more rugged functionality and lower costs. But the evolution of technology has now caught up with consumer appetite, forcing device manufacturers to streamline their offerings and focus on smaller, quality-of-life improvements over flashy revelations.

While improved security doesn’t top the list of must-have user features, it has become a critical part of the mobile device discussion, especially as malware-makers improve their attacks and find new routes into victims’ smartphones and tablets. As a result, many companies are building in better security software to minimize the risk of compromise.

But users aren’t keeping pace. As noted by The Wall Street Journal, the device replacement cycle is lengthening. Owners are no longer looking to replace their smartphone in 12 to 18 months, instead opting for a two-and-a-half year turnaround. Lack of significant feature updates is one key reason for this shift, but cost also plays a factor, since many devices retail for $500 to $700 upfront if users want to avoid a contract. Add in the demise of the two-year phone agreement, and it’s no surprise that consumers with perfectly serviceable smartphones aren’t beating down the doors to grab the latest edition.

Even Apple’s move to a 12-month upgrade plan that saw customers leasing their phones directly from the tech manufacturer fell flat, since more than 75 percent of device owners now purchase their phones directly from wireless carriers. For these reasons, older smartphones are active longer as users wait for big upgrades and better deals.

Touchy Subject

The slower rate of replacement, however, does come with concerns beyond the bottom line of manufacturers. Most mobile producers roll out new software when they release new devices. This software often comes with a host of security tweaks and features. Some of these tweaks may be critical, but it is mostly a hodgepodge of potential vulnerabilities collected throughout the life cycle of the next most recent device. Does fewer users opting for upgrades mean reduced overall security?

Consider the recent addition of the press-to-unlock feature in iOS 10. As noted by CNET, traditional swiping left-to-right on the lock screen will only bring up cameras and widgets instead of activating TouchID or the PIN code screen. Now, users must hold down the home button — not too long or they’ll start a conversation with Siri, but just long enough for the device to scan a fingerprint and unlock.

Older versions of the OS don’t support this feature, meaning they’re out of sync with the most recent updates. In fact, very old iterations don’t support TouchID at all. What’s more, many users hate the new press-to-unlock feature, opting instead for the rest-to-wake alternative, which can be activated via the Settings menu. The result is a kind of fractured security experience: Some users have tapped the latest offering, some have modified it to suit their needs and others have opted to steer clear of the OS altogether.

The Android Alternative

Android, meanwhile, has its own set of issues. As noted by Recode, the use of Android OS versions supplied by chip manufacturers rather than Google itself has left some devices vulnerable to flaws such as Quadrooter. Meanwhile, Computerworld pointed out that the sheer number of device manufacturers in the Android space — there are more than 3,700 individual Android products available on the market — makes it difficult for companies to rein in security threats in a bring-your-own-device (BYOD) environment.

Android’s biggest security problems stem from platform variations. According to the official Android developer blog, just over 26 percent of devices were running the second-newest OS iteration, Marshmallow, as of Dec. 5, 2016. More than 30 percent still use some form of its predecessor, Lollipop, while 24 percent use the older KitKat version and upwards of 10 percent are running Jelly Bean from three software releases back. As a result, the task of pushing out security updates becomes a serious headache. Most won’t work across all versions, leaving entire subsets of the userbase without any way to reliably update and secure their devices.

Don’t Dodge the Latest Technology Upgrade

Historically the desire for newer, faster and flashier devices drove consumers to purchase mobile tech on a short cycle, making it easier for companies to roll out improved features and security. But with consumers now passing on the latest technology upgrade to save money or avoid specific changes — such as Apple’s unpopular press-to-unlock alteration — it’s harder to push out broad security updates. Simply put, sales no longer boost security, and efforts to force users to adopt mandatory updates haven’t gone over well.

Ultimately, there’s no easy solution here. Smartphones have reached parity across the board, and users are more critical of new offerings than ever before. It’s time for device manufacturers to make software more compelling. If newer versions are tied to the latest and greatest devices and offer a transformative user experience, consumers might be persuaded to upgrade more frequently.

More from Endpoint

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Threat Management and Unified Endpoint Management

The worst of the pandemic may be behind us, but we continue to be impacted by it. School-aged kids are trying to catch up academically and socially after two years of disruption. Air travel is a mess. And all businesses have seen a spike in cyberattacks. Cyber threats increased by 81% while COVID-19 was at its peak, with 79% of all organizations experiencing a loss of business operations during that time. The risk of cyberattacks increased so much that the…

3 Ways EDR Can Stop Ransomware Attacks

Ransomware attacks are on the rise. While these activities are low-risk and high-reward for criminal groups, their consequences can devastate their target organizations. According to the 2022 Cost of a Data Breach report, the average cost of a ransomware attack is $4.54 million, without including the cost of the ransom itself. Ransomware breaches also took 49 days longer than the data breach average to identify and contain. Worse, criminals will often target the victim again, even after the ransom is…

How EDR Security Supports Defenders in a Data Breach

The cost of a data breach has reached an all-time high. It averaged $4.35 million in 2022, according to the newly published IBM Cost of a Data Breach Report. What’s more, 83% of organizations have faced more than one data breach, with just 17% saying this was their first data breach. What can organizations do about this? One solution is endpoint detection and response (EDR) software. Take a look at how an effective EDR solution can help your security teams. …