Apple and Google will have to tell customers when their smartphones will stop working and leave them at risk of hacking, under laws being considered. The move is part of plans to ensure smart devices meet stricter security requirements and include smart speakers, baby monitors and video doorbells. Tech giants will be required to say how long new gadgets will get software that protects them from hacking and keeps apps running properly. A third of users are now keeping handsets for up to four years, but some brands offer vital updates for only two. Which? found most iPhones were still receiving updates after five years, but some Android phones guaranteed just two or three years’ new software while others abruptly cancelled planned updates for relatively new phones. University College London found in a study of 270 devices that none told users how long the tech would receive security software at the point of sale. Matt Warman, the digital infrastructure minister, said: “Phones and smart devices can be a goldmine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.” Politicians have launched efforts to make it easier for consumers to repair broken gadgets, in particular home appliances, to extend their lifespan. MPs on the Environmental Audit Committee have also hit out at “planned obsolescence”, devices that only last a short time, to cut waste, while innovation foundation Nesta has called for seven years of software updates to “break the two-year cycle” that forces consumers to regularly buy new tech. Although iPhones do provide several years of security updates, Apple has come under fire for slowing down its smartphones to improve battery life. Last year, it agreed to pay £360 million to settle a class action, although it did not admit wrongdoing. In 2020, Microsoft ended support for Windows 7 after agreeing to at least 10 years’ support when it was released in 2009. Makers will be expected to provide a simple point of contact for the public to report any vulnerabilities. And easy-to-guess default passwords such as “password” or “admin” will be banned. In extreme cases, so-called internet-of-things devices have been hijacked in their millions and used for “denial of service” attacks. The 2016 Mirai botnet attack, which shut down swathes of US websites, was one such cyber attack. Under the rules, device makers will also be mandated to provide a point of contact so that cyber researchers and “white hat”, or ethical, hackers can warn them of faults with their gadgets. Industry group the Cyber Tech Accord, backed by Arm, Microsoft and Dell, has also launched a set of voluntary standards to improve the security of smart devices, including a set of digital health check labels to be displayed on new tech such as toys and cameras.