iPhone's with not latest iOS; how secure are these? And better to get a new one?

[kiddingguy]

Just a question... my parents both have an iPhone 8, which isn't fully supported with the upcoming latest iOS 17.

How 'bad' is it if they stay on the latest iOS 16? Are these security risks?

Or it it better to have the newest iOS at any given moment and to be fullt protected to ALL security patches [and not just like a 70% on the 16.x.x patches]?
And, in that case, they need to have a new iPhone with do support iOS17 and later.... (e.g. iPhone SE 2022, iPhone 13 or later)

I'm sure Apple won't bother...

[tsupersonic]

Apple actually does bother. They release security updates for iPhone/iPad models that aren’t supported by the latest iOS or iPadOS. My original iPad Air still receive security updates and that’s a decade old. If their iPhone 8 still works fine for their purpose, there’s no concern with them using it. 

[kiddingguy]

On 06/08/2023 at 19:23, tsupersonic said:

Apple actually does bother. They release security updates for iPhone/iPad models that aren’t supported by the latest iOS or iPadOS. My original iPad Air still receive security updates and that’s a decade old. If their iPhone 8 still works fine for their purpose, there’s no concern with them using it. 

I read somewhere that like 80% of the patches of the most current iOS is ported back to a lower, unsupported, version, e.g. latest iOS 16.x version and the most current iOS15.x (on older devices).

[+Good Bot, Bad Bot Subscriber¹]

On 07/08/2023 at 02:31, kiddingguy said:

I read somewhere that like 80% of the patches of the most current iOS is ported back to a lower, unsupported, version, e.g. latest iOS 16.x version and the most current iOS15.x (on older devices).

The more recent vulnerabilities are going to be the most actively exploited so 80% or whatever is not any real protection. I wouldn't ever use a device that wasn't still getting security updates let alone allow my parents (assuming yours like mind are not tech savvy at all so worse) to use an insecure device. There is no reason to and that is not smart so anyone that tells you otherwise has no idea what they are talking about.  An used iphone that is two or three models back is not even that expensive so please upgrade them.

I am talking about security updates not OS upgrades but until like a couple of months ago security updates were only packaged with OS updates (unlike on Android) with iOS. Apple does issue just security updates now but I believe just for the very critical vulnerabilities and doubt for supported phones.

Edited August 7, 2023 by Good Bot, Bad Bot

[kiddingguy]

On 07/08/2023 at 17:40, Good Bot, Bad Bot said:

The more recent vulnerabilities are going to be the most actively exploited so 80% or whatever is not any real protection. I wouldn't ever use a device that wasn't still getting security updates let alone allow my parents (assuming yours like mind are not tech savvy at all so worse) to use an insecure device. There is no reason to and that is not smart so anyone that tells you otherwise has no idea what they are talking about.  An used iphone that is two or three models back is not even that expensive so please upgrade them.

I am talking about security updates not OS upgrades but until like a couple of months ago security updates were only packaged with OS updates (unlike on Android) with iOS. Apple does issue just security updates now but I believe just for the very critical vulnerabilities and doubt for supported phones.

So it's better also to have  the latest hardware/iPhone's which fully support also the latest iOS... gotcha! Let's get some new iPhone's 🥳

[Sikh]

On 06/08/2023 at 09:39, kiddingguy said:

Just a question... my parents both have an iPhone 8, which isn't fully supported with the upcoming latest iOS 17.

How 'bad' is it if they stay on the latest iOS 16? Are these security risks?

Or it it better to have the newest iOS at any given moment and to be fullt protected to ALL security patches [and not just like a 70% on the 16.x.x patches]?
And, in that case, they need to have a new iPhone with do support iOS17 and later.... (e.g. iPhone SE 2022, iPhone 13 or later)

I'm sure Apple won't bother...

 

> I'm sure Apple won't bother...

What is this suppose to mean in english? After everything you wrote, this statement doesnt make sense. Do you know or did you bother googling when the iPhone 8 came out? The iPhone 8 came out in September of 2017. They supported your parents phones for ~7 years. Apple has committed to 5-7 years of software support and your parents phones hardware has also lasted as long.

Show me a company that commits to 5-7 years of software updates before you expect "more" from Apple. Google just RECENTLY (last ~2 years) committed to 4 years for PIXELS, before that it was 2 years. Android in general doesnt give you any gurrantees and the top manufacturers (Samsung, etc) barely make it 2 years of software updates let alone security updates. 

-----------

Now to answer your question, unless a Zero day comes out that can be easily exploitable or another such issue, your parents will be fine as long as they use their phone like normal and dont click on anything sketchy (this can be said about any OS/software).

[kiddingguy]

On 08/08/2023 at 01:23, Sikh said:

 

> I'm sure Apple won't bother...

What is this suppose to mean in english? After everything you wrote, this statement doesnt make sense. Do you know or did you bother googling when the iPhone 8 came out? The iPhone 8 came out in September of 2017. They supported your parents phones for ~7 years. Apple has committed to 5-7 years of software support and your parents phones hardware has also lasted as long.

Show me a company that commits to 5-7 years of software updates before you expect "more" from Apple. Google just RECENTLY (last ~2 years) committed to 4 years for PIXELS, before that it was 2 years. Android in general doesnt give you any gurrantees and the top manufacturers (Samsung, etc) barely make it 2 years of software updates let alone security updates. 

-----------

Now to answer your question, unless a Zero day comes out that can be easily exploitable or another such issue, your parents will be fine as long as they use their phone like normal and dont click on anything sketchy (this can be said about any OS/software).

It's meant as a joke... like, I'm sure Apple will sure like this extra turnover 😉

Sure I get it that 5-7 years full of support is more than okay! That's not the question here.

The question is: is it still safe to use a phone which doesn't run the latest iOS, and might -therefor- be more prone to vulnerabilities.

[goretsky Supervisor]

Hello,

I would normally say that iOS is more secure than Android OS in many ways, but that also depends on which device, how it is managed, and what the device's user needs to protect.

What is the risk profile for your parents?  Are they the type to click on everything, engage with fraudsters and scammers, etc., or do they ignore all messages except those from friends and family, and don't use anything but a handful of apps?

Regards,

Aryeh Goretsky
 

[SuperHands]

Apple do still patch unsupported iOS versions but only individual extreme severity patches. Maybe one patch a year or something.

Given they support new devices for at least 5 years or more, it's probably worth getting a new one and being protected seeing as security patches won't be a concern for a long time then.

[+Good Bot, Bad Bot Subscriber¹]

On 07/08/2023 at 19:23, Sikh said:

Show me a company that commits to 5-7 years of software updates before you expect "more" from Apple. Google just RECENTLY (last ~2 years) committed to 4 years for PIXELS, before that it was 2 years. Android in general doesnt give you any gurrantees and the top manufacturers (Samsung, etc) barely make it 2 years of software updates let alone security updates. 

-----------

Now to answer your question, unless a Zero day comes out that can be easily exploitable or another such issue, your parents will be fine as long as they use their phone like normal and dont click on anything sketchy (this can be said about any OS/software).

Your remark on Samsung software support was not accurate. They offer in some ways better support than Google with four OS updates and five years of security updates on flagship devices and some mid range devices. You should have called out the Chinese OEMs.

Older people that are not tech savvy are the kind of users that do "click" anything. How would anyone know what they are doing? It's time to replace the unsupported ihones even is get models 2 or 3 years old which are not very expensive.

 

On 08/08/2023 at 04:32, goretsky said:

Hello,

I would normally say that iOS is more secure than Android OS in many ways, but that also depends on which device, how it is managed, and what the device's user needs to protect.

What is the risk profile for your parents?  Are they the type to click on everything, engage with fraudsters and scammers, etc., or do they ignore all messages except those from friends and family, and don't use anything but a handful of apps?

Regards,

Aryeh Goretsky
 

How can one really know the risk profile of someone else? Sure maybe they don't make wireless payments or browse the web on their phones but it's common for people to say one thing and do another. Maybe his dad likes to go to porn sites when on the toilet?

Security updates are a basic level one first step to secure a device. Everyone should be using phones that are still supported and still get regular security updates. Why take that chance especially with one's parents?

[Steffan]

It's a double-edged sword.  Yes, both the OS and the apps they are using should be patched.  If the parents are using the phones to make calls and text, then they should be fine.  However, if they are using them to check their bank account and social media, then they should upgrade their phones to make sure the OS stays patched.  Eventually, companies will require a newer OS version to continue to use their app.  Plus, you can trade in your older device to Apple for some money off a newer device as long as there's not too much damage.

[goretsky Supervisor]

On 08/08/2023 at 06:47, Good Bot, Bad Bot said:

How can one really know the risk profile of someone else? Sure maybe they don't make wireless payments or browse the web on their phones but it's common for people to say one thing and do another. Maybe his dad likes to go to porn sites when on the toilet?

Security updates are a basic level one first step to secure a device. Everyone should be using phones that are still supported and still get regular security updates. Why take that chance especially with one's parents?

 

Hello,

I would imagine it would involve asking about how the devices are used, look at sites visits, apps installed, and so forth.

Regards,

Aryeh Goretsky
 

[+Good Bot, Bad Bot Subscriber¹]

On 09/08/2023 at 12:14, goretsky said:

 

Hello,

I would imagine it would involve asking about how the devices are used, look at sites visits, apps installed, and so forth.

Regards,

Aryeh Goretsky
 

Did you not understand my point? So his dad going to tell his son he watches porn while on the toilet? LOL Security that is only takes in account the expected is poor security.

[goretsky Supervisor]

On 09/08/2023 at 11:27, Good Bot, Bad Bot said:

Did you not understand my point? So his dad going to tell his son he watches porn while on the toilet? LOL Security that is only takes in account the expected is poor security.

Hello,

That is an interesting assumption you came up with.  In any case, asking the parent if you can look over the device and checking the browsing history while away from them is a possibility.

Regards,

Aryeh Goretsky
 

[+Good Bot, Bad Bot Subscriber¹]

On 09/08/2023 at 17:50, goretsky said:

Hello,

That is an interesting assumption you came up with.  In any case, asking the parent if you can look over the device and checking the browsing history while away from them is a possibility.

Regards,

Aryeh Goretsky
 

What? That is not going to go over well with anyone. What are you going to suggest next? Beat the info out of them? How about we just make sure they have a properly configured phone that still gets security updates.

[goretsky Supervisor]

On 09/08/2023 at 20:25, Good Bot, Bad Bot said:

What? That is not going to go over well with anyone. What are you going to suggest next? Beat the info out of them? How about we just make sure they have a properly configured phone that still gets security updates.

Hello,

It is possible that would help secure the device, but elder abuse is a specific crime in many countries.

Regards,

Aryeh Goretsky

[iui4]

Or you know if money is an issue, then there are certain ways to go about things. Easiest thing to do is to buy them new phones get them the SEs literally the same size/form factor and you can backup and transfer everything it would be like they never got rid of their phones to begin with. It doesn't seem like there's an issue purchasing new devices. It's the safe approach not only that they'll eventually want new phones as their battery life is only going to get worse. Just my 2 cents 🤷‍♀️

[kiddingguy]

Thx for all the info. Some made me laugh!

I'll advise them for a new SE (or maybe iPhone 13 mini to have the same form factor, but with Face ID and all). I'll just wait until Apple announces the iPhone 15 next month (probably) and maybe these SE's and other earlier models might get a price drop [at least it saves them some money and the phones still working - and supported].

[kiddingguy]

Preferably I'd opt for the iPhone 13 mini.

However, will the iPhone 13 mini still be available on Apple's site (and for a lower price) after the introduction of the iPhone 15?

Sure, on sites like amazon and alike it  will be available I guess...

[Sikh]

On 13/08/2023 at 10:11, kiddingguy said:

Preferably I'd opt for the iPhone 13 mini.

However, will the iPhone 13 mini still be available on Apple's site (and for a lower price) after the introduction of the iPhone 15?

Sure, on sites like amazon and alike it  will be available I guess...

If they replace the mini, it wont be available. If they dont replace the mini, theres a chance it'll be available. As for a price drop, the only please you are going to see that is third parties (amazon, best buy, etc).

If you are planning on buying them the iPhone Mini, I would recommend looking at best buy a day or two before the announcement or the day of the announcement. They will be the first ones to discount any old phones / stock and they will do it early or the day of.