Your phone did not stop working. The screen still lights up. Apps still open. But at some point, quietly, without a notification or a warning, your manufacturer stopped sending it security patches. The phone looks the same. The risk it carries is not. In December 2025, Google patched 51 Android vulnerabilities in a single monthly bulletin. Two of them - CVE-2025-48633 and CVE-2025-48572 - were already being actively exploited in real-world attacks when the bulletin was published. CISA added both to its Known Exploited Vulnerabilities catalog and mandated that US federal agencies patch within three weeks. If your phone was not on the update list, it received no fix. Those vulnerabilities remain open. That is what end of software support actually means in 2026.
Understanding how manufacturers decide when to cut off your device - and what that decision costs you - is now one of the most practically important things you can know before buying a smartphone.
Why This Decision Exists at All
Smartphones run on operating systems that are updated continuously. Android's monthly security bulletins patch vulnerabilities across the kernel, system framework, hardware drivers, and third-party components. Apple does the same for iOS. These patches exist because security researchers and attackers find new vulnerabilities every month, and the number is growing. As of November 30, 2025, the total number of reported CVEs across all software surpassed 42,000 for the year - a 16.9% increase over 2024. Mobile platforms are not exempt from this volume. The September 2025 Android Security Bulletin alone addressed two zero-day vulnerabilities already confirmed as actively exploited in the wild before the fix was even published.
Maintaining patches for every device a manufacturer has ever shipped is not economically or technically trivial. Each Android version requires its own patch build. Each hardware configuration - processor, modem, display driver, camera controller - may need manufacturer-specific modifications to the base Android patch. A company shipping fifty models across four years of hardware generations is maintaining dozens of distinct software configurations simultaneously. At some point, the cost of that maintenance exceeds the revenue the device generates, and the manufacturer draws a line.
That line is the end-of-support date. It is a business decision with security consequences that most buyers do not factor into their purchasing choice.
How Each Major Manufacturer Sets the Line
The gap between manufacturers on this question is larger than most people expect, and it has widened significantly since 2022.
Google Pixel: The Current Benchmark
Google Pixel phones set the current high-water mark for Android update commitments. Starting with the Pixel 8 series, Google guaranteed seven years of Android OS updates, security patches, and Feature Drops from the device's launch date. The Pixel 9 series carries the same commitment, with support running through 2033. This is the longest guaranteed support window for any Android device currently available, and it is intentional - Google owns Android and can maintain its own devices without waiting for third-party chipmaker cooperation.
The practical advantage is speed as well as duration. Pixel devices receive security patches the same day Google publishes the monthly Android bulletin. There is no delay for an OEM to repackage the update. When CISA mandated federal agencies patch CVE-2025-48633 by December 23, 2025, Pixel devices already had the fix. Devices from other manufacturers were waiting for their manufacturers to process and release it.
Samsung: From Four Years to Seven
Samsung's update policy has undergone the most dramatic improvement of any major Android manufacturer in recent years. The Galaxy S21 series, launched in 2021, was promised four years of OS updates and four years of security patches under Samsung's policy at the time. As of early 2026, the Galaxy S21 lineup has been fully retired from both feature and security updates. Owners of those phones are now running unsupported hardware.
The contrast with Samsung's current policy is significant. Galaxy S24 and S25 series devices, along with Galaxy Z Fold and Z Flip devices from 2023 onward, are now promised seven years of Android OS updates and seven years of security patches - matching Google Pixel. The Galaxy A55, a mid-range device priced at $379, carries a five-year update commitment, an offer that would have been unthinkable in the mid-range segment three years ago.
The shift happened because Samsung had a competitive problem. Once Google committed to seven years on Pixel 8, every Samsung device with a shorter window looked worse by comparison. Seven years became the new expectation for flagship Android, and Samsung matched it rather than cede the narrative to Google.
Samsung updates typically take longer to reach devices than Pixel updates, as Samsung repackages Google's base patches with its One UI modifications. The gap is measured in days to weeks rather than months for flagship models. Budget and older Samsung devices have historically experienced longer delays and less consistent coverage.
Apple iPhone: Long Support Without a Written Guarantee
Apple's approach to software support is both the most generous in practice and the least formally documented. Apple does not publish official end-of-support dates or commit to a specific number of years in advance. What it does instead is maintain a track record that has consistently exceeded every Android manufacturer.
The iPhone 8, released in 2017, received iOS 16 in 2022 - five years of major OS updates. The iPhone XR, released in 2018, was still receiving iOS 18 in 2025, seven years after launch. The iPhone 17 series, released in September 2025, is broadly expected to receive updates through iOS 25 or iOS 26, meaning support through 2032 or 2033. No other smartphone manufacturer has matched this track record across a full product range.
The reason Apple can sustain this is architectural. Apple designs its own chips, its own operating system, and its own devices. There is no third-party chipmaker whose driver support Apple depends on. When Qualcomm stops maintaining drivers for a chipset, every Android device using that chip loses a critical layer of support regardless of what the OEM promised. Apple has no equivalent dependency.
The meaningful caveat is that Apple's support decisions are opaque. There is no published commitment you can hold the company to contractually. Devices get cut when Apple decides they do, without advance notice. In 2025, two WebKit zero-day vulnerabilities - CVE-2025-14174 and CVE-2025-43529 - were confirmed as actively exploited in attacks targeting iOS versions prior to iOS 26. Devices old enough not to support iOS 26 had no recourse.
OnePlus: Improved but Still Tiered
OnePlus began as a brand that offered near-flagship hardware at prices that undercut Samsung and Apple substantially. Its update policy reflected that positioning: two years of OS updates was standard for most of its early history. That has changed, but the change is not uniform across the lineup.
OnePlus 11 onward carries a commitment of four years of OS updates and five years of security patches for main numbered series devices. The OnePlus Open foldable carries the same commitment. The Nord 4 mid-ranger offers four years of OS updates and six years of security patches, an unusually strong commitment for its price tier. The OnePlus 13 series is positioned as offering the strongest long-term support among major Chinese Android brands at four OS updates and six years of security patches.
The OnePlus 9 and 9 Pro illustrate where the brand was before the policy change. Those devices lost OS update support in 2024 after three years, then received one additional year of security patches before going fully unsupported in 2025. The OnePlus 10 Pro received an additional Android 16 update as a goodwill gesture but is now in security-patch-only mode, expected to reach full end of support in early 2027.
OnePlus Nord CE and Nord N series budget devices receive significantly less support than the main lineup - typically two to three OS updates. Buyers in that price segment who prioritize longevity should factor this in explicitly.
Motorola: Budget Reputation, Improving Slowly
Motorola has historically carried one of the weakest update reputations among major Android manufacturers. Most Motorola phones have received one to two Android OS updates with two to three years of security patches, even at mid-range price points. Several Motorola models lost all support in 2025 and 2026, including the Moto G04, Moto G13, Moto G23, Moto G72, Moto G73, Moto E13, and multiple Edge series models.
The company is attempting to change this positioning with the introduction of its new "Signature" series in early 2026, which Motorola has indicated will receive longer update commitments. Its ThinkPhone 25 and Moto G75 have been placed on a five-year update track, which represents a significant improvement for Motorola. The Edge 50 Neo offered five years of updates as of 2024, marking the start of this policy shift. Whether the improved commitment extends meaningfully across the broader Motorola lineup remains to be verified over time.
Other Android Brands: The Honest Summary
OPPO Find X series flagships launched in 2025 and beyond receive five years of OS updates and six years of security patches. Find N5 foldables receive four OS updates and six years of patches. Mid-range Reno and F series devices receive three OS updates. Budget OPPO A series devices receive as few as one OS update or none at all.
Xiaomi flagship devices typically receive four OS updates and five years of security patches. Nothing Phone 3 commits to five OS updates and seven years of security patches, a remarkably strong commitment for a smaller brand. Nothing Phone 3a series receives three OS updates and six years of security patches. Realme's policy is inconsistent - the GT 7 Pro flagship is limited to three years of OS updates despite its flagship positioning, while the GT 8 series offers four.
The consistent pattern across every manufacturer is that flagship devices receive the best support, mid-range devices receive less, and budget devices receive the minimum. The gap between a company's best and worst update commitments within a single product lineup can be as large as five years.
The Hidden Factor: Chipset Support
There is a factor in Android update decisions that manufacturers rarely discuss openly because it is not flattering to the ecosystem: chipset manufacturer support.
Android updates require cooperation from the company that made the processor inside the phone. Qualcomm, MediaTek, and other chipmakers maintain the driver code that connects their hardware to each Android version. When a chipmaker stops supporting a particular chipset - stops releasing updated drivers for new Android versions - the OEM's ability to ship a full OS update on devices using that chip effectively ends, regardless of what the OEM publicly committed to.
Google addressed this problem for its own devices by working with ARM to shift Pixel chips to a kernel architecture that can be maintained independently of chipmaker release cycles. This is part of why Pixel's seven-year commitment is credible where similar claims from other manufacturers carry more uncertainty. Samsung Exynos chips are designed internally, giving Samsung similar independence on Exynos-powered devices. MediaTek and Qualcomm have both extended chipset support windows in recent years under pressure from Google's Project Treble and the seven-year benchmark, but the dependency has not been eliminated.
This is why the EU's Ecodesign Regulation matters as a forcing function. By 2026, five years of security updates has become the effective minimum legal expectation for midrange and flagship smartphones sold in regulated EU markets. Manufacturers that want to sell in Europe are required to build longer support into their supply chain and chipmaker agreements from the start. That regulatory pressure is one of the reasons OnePlus, OPPO, and Xiaomi have all extended their flagship commitments in the past two years.
What Happens to Your Phone When Support Ends
The phone continues to function. Most apps will continue to work for a period. But specific, documented problems accumulate from the moment patches stop arriving.
The most immediate risk is unpatched security vulnerabilities. Android's monthly security bulletins document dozens of vulnerabilities every month across the kernel, system framework, and hardware drivers. An unsupported device receives none of these patches. September 2025's bulletin addressed CVE-2025-48543, a use-after-free vulnerability in Android Runtime that allowed attackers to escape the Chrome sandbox and escalate privileges to system-level without any user interaction required. Devices that received the September 2025 security patch were protected. Devices past their end-of-support date were not, and remain unprotected permanently.
Kaspersky reported a 300% spike in Android-focused attacks since January 2025, with documented exploitation of older vulnerabilities specifically targeting devices that could not receive patches. The correlation is direct: when large numbers of devices age out of support simultaneously - as happened with the Samsung Galaxy S21 series in early 2026 - those devices become a concentrated target pool for attack campaigns.
Beyond security, app compatibility degrades. Banking apps increasingly require minimum Android API levels that unsupported devices cannot reach. A specific documented example: SBI's banking app in India stopped working on Android 13 and below, forcing users with phones stuck on older Android versions to either upgrade their device or lose mobile banking access. Healthcare apps and workplace management tools impose similar minimum OS requirements. Employers issuing work-managed device policies increasingly require minimum patch levels that unsupported devices cannot satisfy.
The practical impact is not hypothetical or distant. It follows a documented timeline. Security patches stop first. Feature updates stop next. App minimum requirements gradually exclude the device. The window between "last security patch" and "effectively unusable for essential apps" has shortened as apps have tightened their requirements. Research suggests it is now typically 18 to 24 months.
The Regulatory Shift That Is Changing Everything
The voluntary commitments manufacturers make are increasingly being replaced by legally binding requirements, and the change is accelerating.
The EU's Ecodesign Regulation sets minimum software support requirements for smartphones and tablets sold in EU markets. Under the current framework, five years of security updates is the emerging minimum expectation for flagship and mid-range devices. The regulation also requires manufacturers to disclose end-of-support dates clearly at the point of sale, so buyers know what they are committing to before purchase rather than finding out after the fact.
UK regulations mirror the EU approach with similar minimum security update requirements for connected devices. The US has not implemented equivalent federal mandates for consumer smartphones, though CISA's increasing activity in documenting actively exploited mobile vulnerabilities is creating pressure on manufacturers from the enterprise and government procurement side.
The market effect of regulation is already visible. The competitive pressure created by Google's seven-year Pixel commitment, reinforced by the EU's legal requirements, has pushed Samsung to match seven years on flagship devices and extend to five years on mid-range. It has pushed OnePlus, OPPO, and Xiaomi to improve flagship commitments. Motorola is showing early signs of the same shift. The floor for acceptable update policy is rising across the industry because regulation and competition are both pushing it upward simultaneously.
How to Use This Information When Buying a Phone
The practical lesson from this is that software support should be evaluated as carefully as hardware specifications when buying any smartphone in 2026. A phone's update commitment determines its real usable lifespan, not its processor speed or camera megapixel count.
The first number to check is not the total years of support from launch but the years of support remaining from today. A Pixel 9 purchased now carries seven years of support. A Pixel 6 purchased now carries perhaps two years of remaining support before its 2028 end-of-support date arrives. The headline commitment on the box was the same. The practical value is entirely different depending on when you are buying.
Manufacturer track record matters alongside policy statements. Apple and Google Pixel have documented track records of delivering the support they promise, on schedule, without significant gaps. Samsung's track record has improved substantially. OnePlus has improved but has a shorter history of honoring extended commitments. Motorola's budget lineup has a poor historical track record that its new Signature series is attempting to change. Trust should be proportional to documented delivery, not to headline numbers.
The distinction between OS updates and security patches matters for your specific situation. OS updates bring new features and compatibility improvements. Security patches are what keep your device safe. If your primary concern is security rather than features, a device with a shorter OS update window but a longer security patch commitment may serve you well. If you need banking apps and workplace tools to keep working through the device's life, OS update coverage matters more because app minimum requirements track Android version rather than security patch level.
Budget phones deserve honest scrutiny before purchase. A phone sold for $150 with one year of OS updates and two years of security patches is effectively a device that will become a security liability within 24 months. When phones cost $150, the expectation has been that buyers replace them frequently. As overall device prices rise and the average ownership cycle extends toward four years, a two-year update window becomes genuinely harmful rather than merely suboptimal. The manufacturers that have begun extending budget device support - Samsung Galaxy A series, Nothing, OnePlus Nord 4 - deserve to be distinguished from those that have not.
The decision manufacturers make about when to stop supporting your device is a business decision. Making it an informed factor in your own purchasing decision is the most direct response available to individual buyers. The companies that offer seven years of updates are betting that longer-supported devices will win customer loyalty. In 2026, with device prices rising and replacement cycles lengthening, that bet looks increasingly correct.
Welcome to iTechnoGlobe! Feel free to ask questions. Please avoid using abusive language, hate speech, or spam links. Such comments will be deleted immediately. Lets keep it professional!