Both my work and family mobiles are all iPhone-based. The general principle we adopt for both sets is, once a phone can longer run the latest release of software, we wipe it and send for refurbishment. I do worry a little that the old phones are sold-on rather than broken down. I wouldn’t recommend anyone to buy something that can’t be updated.
Here’s a chart of which model supports which versions of iOS (13 is the latest):
And this is the discussion about Android…:
[…] So is using an out-of-date phone safe?
As Christoph Hebeisen, director of security intelligence firm Lookout explains, “We do not consider it safe to run a device that does not receive security patches. Critical security vulnerabilities become public knowledge every few weeks, or months, and once a system is out of support, then users who continue to run it become susceptible to exploitation of known vulnerabilities.”
According to Hebeisen, a vulnerable phone could allow full access to everything that’s on your phone, including your personal and company emails, contact information, listening to your phone calls or accessing your banking details. A hacker could continue to see this information for as long as you continue using the compromised handset.
Paul Ducklin, principal research scientist at security firm Sophos agrees, saying, “If your phone has a software vulnerability that crooks already know how to exploit, for example to steal data or implant malware, then that vulnerability is going to be with you forever.”