Samsung won't have to patch your old phones, court rules

The fight to get better phone security seems to be a losing battle, quite literally, with a Dutch court ruling that Samsung isn’t obliged to patch its older phones.

While Google dishes out software updates for Android on a regular basis, it passes them on to the phone manufacturers for distribution to users. Samsung – like most other manufacturers – chooses if and when it wants to roll out those patches.

The South Korean electronics giant was taken to court by Dutch consumer rights group Consumentenbond, which argued that the company should update its phones for at least four years after they go on sale, or for at least two years after they are sold. It even wanted the company to provide the patches within three months of them becoming available.

Losing (court) battle

Consumentenbond alleged that Samsung was leaving users unprotected from security risks by not providing patches for its phones in a “timely” fashion, with some of its older models not receiving any updates at all.

The Hague administrative court, however, disagreed with Consumentenbond and ruled that the case was inadmissible because it relates to the company’s future activities. According to the court ruling, “nothing can be decided regarding the nature and severity of any future security risks and Samsung's future actions" as it’s hard to determine “specific circumstance” today.

That means that if a risk is discovered in future, Samsung could choose to distribute updates to all its phones, or may not patch the software at all, depending on the nature of the bug and the limitations of the phone hardware.

Samsung support

Most phone manufacturers support their handsets for two full years after launch, with some companies, including Google, adding another year to the support cycle for security updates. Samsung says that its two-year support tenure and update frequency are “reasonable” enough. After all, phones have a two-year warranty in many countries, including the EU, and one year everywhere else.

While this may not sound very reassuring from a consumer perspective, it must be noted that when it comes to security patches, they aren’t feature updates (i.e. an OS overhaul), so companies aren’t necessarily legally obliged to distribute them, especially given those security exploits don’t arrive with the phone at launch.

From a business perspective, patching old devices isn’t a particularly profitable practice — unless the company can show that not doing so affects sales. And so far, neglecting old devices doesn’t seem to have hurt anyone’s bottom line.

We’re not saying that Samsung, or the court ruling for that matter, is in the right, but extending the support cycle sounds reasonable enough when Android is a highly targeted operating system.

Sharmishta Sarkar
Managing Editor (APAC)

Sharmishta is TechRadar's APAC Managing Editor and loves all things photography, something she discovered while chasing monkeys in the wilds of India (she studied to be a primatologist but has since left monkey business behind). While she's happiest with a camera in her hand, she's also an avid reader and has become a passionate proponent of ereaders, having appeared on Singaporean radio to talk about the convenience of these underrated devices. When she's not testing camera kits or the latest in e-paper tablets, she's discovering the joys and foibles of smart home gizmos. She's also the Australian Managing Editor of Digital Camera World and, if that wasn't enough, she contributes to T3 and Tom's Guide, while also working on two of Future's photography print magazines Down Under.