As many as three in 10 mobile phone models for sale on second-hand sites could be vulnerable to hacking, an investigation reveals.

This is because some phones lose important update support after two years, leaving owners with potentially unsecure devices.

Some of the phones being resold that are no longer receiving security updates include the Apple iPhone 5, Google Pixel XL, Huawei P10, Samsung A8 Plus (2018) and the Samsung Galaxy S7.

Campaign group Which? investigated listings on three mobile phone recycling websites. It found that almost a third (31%) of the mobile phone models on sale at CeX could be vulnerable because they are no longer supported by security updates.

This also applied to a fifth (20%) of the models on Music Magpie and one in six (17%) on SmartFoneStore. Both told Which? these only accounted for a very small percentage of sales. Music Magpie removed from sale unsupported devices as a result of the investigation and said it will provide information to buyers that a product no longer receives security updates.

SmartFoneStore also issued an update, adding a warning on unsupported devices so consumers are aware before they buy them. CeX did not provide a comment.

Which? said that while recently out-of-support devices might not have immediate problems, without security updates, the risk to the user of being hacked is increased. It added that generally, the older the phone, the greater the risk.

The electronic waste problem is also likely to continue without robust, sustainable solutions for the disposal of mobile phones. Indeed, a survey by Which? revealed that 62% of people believed a mobile phone was broken down for parts when it is sent for recycling, rather than being resold.

There is potential to prolong the lifespan of devices, namely by manufacturers offering more than a couple of years of update support, Which? said.

‘Environmental consideration shouldn’t come at the cost of customer security’

Kate Bevan, Which? computing editor, said: “Keeping mobile phones in circulation for longer is better for the environment but it shouldn’t come at the cost of customer security. Unless manufacturers become more transparent, and those offering vital updates for only a couple of years do better, there is a risk that second-hand phones will be vulnerable to hackers or end up dumped in a landfill site.

“If your mobile phone is no longer receiving security updates you should consider upgrading as soon as possible. While you continue to use an out-of-support device, you must take steps to mitigate the risks – including using mobile antivirus software, managing app permissions and only downloading from official stores.”

From 2021, the EU adopted new Right to Repair standards means firms will have to make appliances – including, mobile phones, tablets and laptops – longer-lasting, and will have to supply spare parts for machines for up to 10 years.