Upgrade or be left behind

ANALYSIS Millions of smartphone users may have a little less mobile security next month, after WhatsApp withdraws its support for older versions of Android and iPhone operating systems.

Devices running on iOS 8 and earlier, or Android versions 2.3.7 and earlier, will no longer receive updates from the free messaging service, with app features expected to deprecate on these systems from February 1.

“WhatsApp for iPhone requires iOS 9 or later,” WhatsApp said in a recent statement on its website.

“On iOS 8, you can no longer create new accounts or reverify existing accounts.

“If WhatsApp is currently active on your iOS 8 device, you’ll be able to use it until February 1, 2020.”

According to the UK’s National Cyber Security Centre, a security vulnerability is much more likely to be exploited on end-of-life devices that run unsupported software.

The damage that these issues can cause also increases, with attackers finding an easy target in technology where the only fix available is to upgrade to patch supported hardware or operating system.

The general functionality of the retired product tends to break, as well.

“We don’t explicitly restrict the use of jailbroken or unlocked devices,” WhatsApp said.

“However, because these modifications might affect the functionality of your device, we can’t provide support for devices using modified versions of the iPhone’s operating system.”

There is no industry standard as to when to end support for dated versions of an app or software. The decision is largely decided in the boardrooms of tech conglomerates, and generally viewed as a balancing act between consumer market share, cost, and security.

In order to keep on top of the software lifecycle, consumers are often required to upgrade their hardware. In the case of Apple, iOS 13 – the latest version of its mobile OS – is only compatible with the iPhone 6S and above.

At the other end of the spectrum, iOS 8, Apple’s eighth major operating system released in 2014, receives only minimal third-party application support.

“Of course Apple wants us to upgrade to their latest and greatest iPhones and MacBooks,” Patrick Wardle, Mac security expert and creator of the infosec blog and security toolkit site Objective-See, told The Daily Swig last year.

“But from a security point of view (versus just a consumer/marketing point of view), there is no denying that the latest version of their software and hardware (for example devices) are often far more secure than their predecessors,” Wardle said.

“Users should really upgrade to newer versions,” he added.


Read the latest mobile security news and breaches


This is an ongoing game for consumers, and indeed businesses, to have a healthy level of security and rid themselves of, what is known in the industry, as technical debt – the migration away from Windows 7 is one example.

Affordability can outweigh the guarantee of vendor support, however, which illustrates the reality of many individuals who lose the security guarantee that comes alongside regular patches on compatible hardware.

While there are no official statistics related to the version types of mobile ownership, Angela Siefer, executive director of the US non-profit National Digital Inclusion Alliance (NDIA), says it’s safe to assume that those in low income brackets are less likely to be using the latest devices.

The most vulnerable populations are put at even more risk, she says.

“The situation with WhatsApp is definitely alarming, but it’s also not surprising,” Siefer told The Daily Swig.

“As technology keeps innovating there is going to continue to be people left behind, and society needs to figure out how to support those folks as technology moves forward.”

The NDIA works to address affordability issues related to internet access and ownership of digital devices. Part of that mandate is education, where security, in particular, needs to move outside the tech industry bubble in order to reach individuals who may not realize that their software needs fixes.

“They’re [consumers] not reading tech blogs, they’re probably not reading anything about WhatsApp, they’re just frustrated because now it [WhatsApp] doesn’t work anymore,” Siefer said.

There are certain cases where tech companies or software vendors provide extended support for their products, whether in full due to their popularity or through open sourcing specific applications, as the case with the iPhone.

But these third-party applications fall few and far between, and some, including Paul Roberts, founder of the right to repair infosec group Securepairs, believing legislation should compel companies to release unsuppoprted software into the public domain.

“So, in the context of WhatsApp, open source discontinued versions of the app and put it on GitHub,” Roberts told The Daily Swig.

“That way, technically minded users can pick up where the company left off: making a ‘public’ version of the app that will continue to work on older phones and tablets.”

WhatsApp deciding to make versions of iOS and Android obsolete follows a move to end its support for all Windows phones at the beginning of the year, similar to one taken by parent company Facebook in April 2019, which sunset Facebook, Messenger, and Instagram apps for users of the limited Microsoft smartphone.

WhatsApp is currently one of the most popular chat apps for smartphones operated in 2017 by an approximate 1.5 billion consumers across the globe.

The company did not reply to The Daily Swig’s request for comment about how many people use its service on the soon-to-be out-of-date operating system, but as Facebook, and other tech giants, continue to gain a foothold in emerging markets, consumer desire to hold onto older devices may drive the industry to rethink the end-of-life ecosystem.


RELATED Apple pulls U-turn on right to repair