Apple Commits to at Least Five Years of iPhone Security Updates

[MacRumors]

Apple has revealed its commitment to a minimum of five years of iPhone security software updates from the date a device is launched, thanks to a new legal requirement in the United Kingdom (via Android Authority).

Earlier this year, the U.K. established new Product Security and Telecommunications Infrastructure (PSTI) regulations, which force companies that sell internet-capable products in the country to comply with certain security requirements.

One of the requirements of the PSTI is that companies define a support period, or minimum length of time, for which security updates will be provided after sale. A "security update" is defined by the regulation as a "software update that protects or enhances the security of a product, including a software update that addresses security issues which have been discovered by or reported to the manufacturer."

In compliance with the regulation, Apple has submitted a public regulatory filing for the iPhone 15 Pro Max. The PSTI filing shows that the device's "defined support period" is a "minimum five years from the first supply date." The "first supply date" is listed as "September 22, 2023," which is when the iPhone 15 series launched.

Unlike Samsung and Google, Apple is not usually explicit about its legacy software support for iPhone devices, so the five-year minimum should come as good news to Apple users holding onto older devices. However, as Android Authority notes, both Samsung and Google guarantee seven years of security updates as well as Android OS updates for their devices, which is two years longer than what Apple is guaranteeing here.

That said, Apple typically provides older devices with the latest security updates longer than the stated five-year period. For example, just this March Apple pushed a security update to iPhone 6s models, which launched in September 2015, or nine years ago.

Going back further, in November 2020, Apple released an update to patch major security issues for the ‌iPhone‌ 5S, which was released in 2013. That's seven years after the device went on sale. In other words, while the minimum-five year period is now set in stone, iPhone users can take comfort in the fact that Apple has a strong history of keeping legacy devices in the loop for several years longer.

Article Link: Apple Commits to at Least Five Years of iPhone Security Updates

 

[Imory]

That’s a step in the right direction, but certainly disappointing given the additional two years provided by their competitors. I see no reason why Apple doesn’t provide the same length of support as their Macs which is essentially 7 years.

You can certainly do better here Apple.

 

[winxmac]

iPhone 4 [A4] - iOS 4 to iOS 7
iPhone 4s [A5] - iOS 5 to iOS 9
iPhone 5 [A6] - iOS 6 to iOS 10
iPhone 5c [A6] - iOS 7 to iOS 10
iPhone 5s [A7] - iOS 7 to iOS 12
iPhone 6 [A8] - iOS 8 to iOS 12
iPhone 6s/SE 2016 [A9] - iOS 9 to iOS 15
iPhone 7 [A10 Fusion] - iOS 10 to iOS 15
iPhone 8/X [A11 Bionic] - iOS 11 to iOS 16
iPhone XR/XS [A12 Bionic] - iOS 12 to iOS 17
iPhone 11/11 Pro/SE 2020 [A13 Bionic] - iOS 13 to iOS 17

The last two feels most likely to happen but WWDC 2024 will determine whether I'm wrong or right...

 

[tomtad]

Well done UK 👏

 

[MilaM]

Strange move by Apple to only guarantee the five-year minimum. Would be interesting to know what the rationale is behind this.

Long term software support is probably the most important reason why I buy and recommend Apple devices.

 

[foobarbaz]

so the five-year minimum should come as good news to Apple users holding onto older devices

No, they should do better.
A minimum of five years of major OS versions (as they have already been doing in the past) is okay IMO, but security updates should be guaranteed for longer. Google and Samsung show it's possible.

Remember, Apple sells iPhones for 3 years. So 5 years after initial release is only 2 years for some customers. That's just not enough. (Again, not talking about new features but security updates, without which using the phone is frankly gambling.)

 

[PsykX]

Don't they already do much more than that ? And not just security fixes, but major releases too.

My iPhone XR from 2018 has the very latest OS six years later.

 

[MilaM]

Don't they already do much more than that ? And not just security fixes, but major releases too.

When you look at iPhones and iPads, I agree. But due to the Intel/Apple Silicon transition, some more recent Macs were not so lucky. I have an iMac that will only get six years of security patches after last being sold in the market. And I'm still quite miffed because of this.

 

[jlc1978]

That’s a step in the right direction, but certainly disappointing given the additional two years provided by their competitors. I see no reason why Apple doesn’t provide the same length of support as their Macs which is essentially 7 years.

You can certainly do better here Apple.

Per TFA, Apple has provided security updates for longer than 5 years on past devices.

What to me is more interesting is this from the explanatory notes:

1. Subsection (3) sets out a non-exhaustive list of what, in addition to a physical device, a security requirement may apply to. This list includes software related to a product which may or may not be installed on the product. The software may or may not be provided by the manufacturer of the product.

If manufacturer is taken broadly every developer of an app will have to comply.

In addition, who decides if a reported issue really is a security issue, and what is a valid fix?

 

[Berti10]

That fits very well with my 5-y upgrade cycle I am right now. Was 2y with my 3GS, became 3y with the 6, 4y with the 8Plus and now 5y with my 13PM.

 

[Jay-Jacob]

🤔 Apple already do security update more than 5 years already anyway. iOS/iPadOS operating system update is different separate.

My old iPad Pro 9.7 is 8 years old and still getting security updates. Just got new iPad Pro now though. My Dad iPad cannot be updated new iPadOS but still get security updates.

 

[Paddle1]

iPhone 4 [A4] - iOS 4 to iOS 7
iPhone 4s [A5] - iOS 5 to iOS 9
iPhone 5 [A6] - iOS 6 to iOS 10
iPhone 5c [A6] - iOS 7 to iOS 10
iPhone 5s [A7] - iOS 7 to iOS 12
iPhone 6 [A8] - iOS 8 to iOS 12
iPhone 6s/SE 2016 [A9] - iOS 9 to iOS 15
iPhone 7 [A10 Fusion] - iOS 10 to iOS 15
iPhone 8/X [A11 Bionic] - iOS 11 to iOS 16
iPhone XR/XS [A12 Bionic] - iOS 12 to iOS 17
iPhone 11/11 Pro/SE 2020 [A13 Bionic] - iOS 13 to iOS 17

The last two feels most likely to happen but WWDC 2024 will determine whether I'm wrong or right...

Maybe, but rumors so far have said iOS 18 will support the same iPhones as iOS 17.

 

[00sjsl]

If the UK legislation relates to the date of sale, why is the response relative to the launch date?

 

[SpotOnT]

iPhone 4 [A4] - iOS 4 to iOS 7
iPhone 4s [A5] - iOS 5 to iOS 9
iPhone 5 [A6] - iOS 6 to iOS 10
iPhone 5c [A6] - iOS 7 to iOS 10
iPhone 5s [A7] - iOS 7 to iOS 12
iPhone 6 [A8] - iOS 8 to iOS 12
iPhone 6s/SE 2016 [A9] - iOS 9 to iOS 15
iPhone 7 [A10 Fusion] - iOS 10 to iOS 15
iPhone 8/X [A11 Bionic] - iOS 11 to iOS 16
iPhone XR/XS [A12 Bionic] - iOS 12 to iOS 17
iPhone 11/11 Pro/SE 2020 [A13 Bionic] - iOS 13 to iOS 17

The last two feels most likely to happen but WWDC 2024 will determine whether I'm wrong or right...

That is just major updates though.

Apple still provides “security updates” for another 2-4 years after a phone no longer can get major updates.

 

[ApplesAreSweet&Sour]

iPhone 4 - iOS 4 to iOS 7
iPhone 4s - iOS 5 to iOS 9
iPhone 5 - iOS 6 to iOS 10
iPhone 5c - iOS 7 to iOS 10
iPhone 5s - iOS 7 to iOS 12
iPhone 6 - iOS 8 to iOS 12
iPhone 6s - iOS 9 to iOS 15
iPhone 7 - iOS 10 to iOS 15
iPhone 8/X - iOS 11 to iOS 16
iPhone XS/XR - iOS 12 to iOS 17
iPhone 11/11 Pro - iOS 13 to iOS 17

The last two feels most likely to happen but WWDC 2024 will confirm whether I'm wrong or right...

The commitment Apple made concerns security updates and doesn't address how many versions/years of full OS(iOS) software updates every iPhone is guaranteed to support.

The post and article referred to here seems to mix up the two, or just fails to differentiate specifically what Google and Samsung have committed to versus what Apple has committed to:

Google and Samsung have guaranteed most of their newer devices 7 years of both OS and security updates.

Apple, however, has only committed to guaranteeing 5 years of security updates for newer iPhones. Apple is not guaranteeing any number/years of OS(iOS) updates.

The UK regulation doesn't concern full OS software updates, so Apple is only doing the minimum of what the law requires.

However, it should be noted that, historically, Apple has, on average, provided more years OS and security updates for iPhones compared to what most (all?) manufacturers of Android smartphones provide.

But Apple has, in the past, never guaranteed iPhone owners any number/years of security or OS updates apart from this 5 year commitment that was announced here.

 

[AppliedMicro]

Strange move by Apple to only guarantee the five-year minimum. Would be interesting to know what the rationale is behind this

They didn’t guarantee „only“ the five-year minimum.
They submitted, as the article states, a regulatory filing guaranteeing the „minimum five years“ as required.

 

[ApplesAreSweet&Sour]

If the UK legislation relates to the date of sale, why is the response relative to the launch date?

It doesn't refer to when a sale of a given smartphone was made to a specific buyer, but rather the specific date the device went on sale and could be used by the buyer, the date it was was "in supply".

The post uses the terms "launch", "sale", and "in supply" interchangeably. But it would seem they aren't interchangeable in a legal setting.

The 5 years of security updates run from the first day the smartphone was "in supply", aka in-stock and available for purchase (not the pre-order date, or date the product was announced).

It's the buyer's responsibility to purchase on the first day the smartphone is "in supply". Acquiring the smartphone any sooner means you get <5 years of security updates.

 

[backstreetboy]

but no multiple user profiles

Buy another iPhone.

 

[madebybela]

I still believe we could be theoretically nearing 7-10 year support, but I dont think that would make shareholders happy lol

 

[Rock_Artist]

As Apple usually provides longer support. I guess this is only for specifications without committing to anything.

So if they do decide to backslash their customers, they could do so without changing specs.
This is "at least" so it's only committing to the minimum.

I do hope they don't have interest changing this.

 

[jonnysods]

Considering people are paying thousands of dollars for these devices I think they should go the full 7 years.

 

[chrono1081]

That’s a step in the right direction, but certainly disappointing given the additional two years provided by their competitors. I see no reason why Apple doesn’t provide the same length of support as their Macs which is essentially 7 years.

You can certainly do better here Apple.

They do do better. You seem to not be aware they already go beyond seven years. We have plenty of field devices at work that would occasionally receive security updates despite being well past the 5 and even 7 year mark.

 

[Jim Lahey]

You'll forgive me if I don't get too excited about the UK worming its way into matters of security pertaining to software 'updates' for our personal electronics.

Apple Warns Proposed UK Law Could 'Secretly Veto' Global User Protections

Apple is "deeply concerned" that proposed changes to British surveillance legislation could give the U.K. government unprecedented powers to secretly prevent software updates from being released in any other country (via BBC News). The UK government is planning to update the Investigatory...

forums.macrumors.com

 

[Motorola68000]

The problem with this 'commitment' is it does not mean that iPhones will have full facilities, i.e. AI for example, where it suggests that even phones way under 5 years will find they can not utilise functions otherwise available.

Effectively it might support software upgrades, but not necessarily full upgrades across the 5 year range, so by recent comments about AI, it would make that 5 year support somewhat erroneous.

 

[eveluvsrainbows]

No, they should do better.
A minimum of five years of major OS versions (as they have already been doing in the past) is okay IMO, but security updates should be guaranteed for longer. Google and Samsung show it's possible.

Remember, Apple sells iPhones for 3 years. So 5 years after initial release is only 2 years for some customers. That's just not enough. (Again, not talking about new features but security updates, without which using the phone is frankly gambling.)

The problem is, Google giving the Pixel 8 line 7 years of updates mean that by the time they get their final update, the devices will likely be so slow to the point of not even being remotely as functional as they are now. So longer update periods aren't always a good thing. And knowing Google and how often they kill things off, there's no way of knowing if Google will even stick to that support period. And Samsung still takes forever to roll out major software updates. And to be honest, you can't exactly say "Google and Samsung show it's possible" when at the moment there's been no proof, just text on a website.