Question Is an Android 13 device safe enough until 2027?(No security patches)

Please provide comments and solutions that are helpful to the author of this topic.
N

nonamebob567

Level 1
Thread author
Apr 24, 2025
25
90
31
Hi there, I'm currently using an Android 13 device for daily activities such as web browsing, sharing internet with my PC (USB tethering), etc. I already understand that Android 13 is not safe for banking and financial-related tasks, what I need to know is whether my device is safe enough to use for pc USB internet sharing?. I intend to upgrade my phone next year to a Samsung device, specifically for longer updates. However, if there's a chance that someone could hack my phone remotely just by finding my phone number (Android 13 vulnerabilities maybe), then I'll upgrade much sooner than 2027.

I have basic digital hygiene, like not installing third-party apps/shady apps and not sharing my phone number with random people and updating google apps regularly if it makes any differance.

my device no longer recieving security patches from the manufacturur. (Last security patch september last year)

Thank you.
 
Last edited:
  • Like
Reactions: SeriousHoax, Khushal, Sampei.Nihira and 1 other person
nonamebob567 said:
Hi there, I'm currently using an Android 13 device for daily activities such as web browsing, sharing internet with my PC (USB tethering), etc. I already understand that Android 13 is not safe for banking and financial-related tasks, what I need to know is whether my device is safe enough to use for pc USB internet sharing?. I intend to upgrade my phone next year to a Samsung device, specifically for longer updates. However, if there's a chance that someone could hack my phone remotely just by finding my phone number (Android 13 vulnerabilities maybe), then I'll upgrade much sooner than 2027.

I have basic digital hygiene, like not installing third-party apps/shady apps and not sharing my phone number with random people and updating google apps regularly if it makes any differance.

Thank you.
Click to expand...
Android 13 is not automatically unsafe for USB tethering, but the real risk depends on whether your phone is still receiving security updates from its manufacturer.

What matters most

  • Android version alone does not tell the full security story.
  • A phone on Android 13 with current security patches can be significantly safer than a newer Android version that is badly maintained.
  • If your device no longer gets monthly or quarterly security updates, its exposure to known vulnerabilities increases over time.

About USB tethering risk

Using your phone for USB internet sharing to a PC is generally a lower-risk activity than installing unknown apps or exposing services directly to the internet.

In normal use, USB tethering does not mean someone can hack your phone just by knowing your phone number.

For that to happen, there would usually need to be a specific remotely exploitable vulnerability in:

  • The cellular baseband
  • The phone app / messaging stack
  • The network stack
  • A vendor-specific service

Those types of attacks do exist in the real world, but they are not typically something random attackers can do at scale just from having a phone number. They are usually more relevant in targeted attacks, high-value targets, or when a device has serious unpatched flaws.

Practical risk assessment

Based on what you described:

  • Not installing shady apps helps a lot.
  • Keeping Google apps updated is useful, but it does not replace full system security patches from the phone maker.
  • Not giving your number out widely slightly reduces nuisance targeting, but phone numbers are not secret in any strong security sense.

So for ordinary daily USB tethering, your risk is probably more influenced by:

  • Whether the phone still receives security patches
  • Whether the PC you tether to is clean and updated
  • Whether USB debugging is disabled
  • Whether you avoid unknown cables, accessories, and apps

Important limitations

I cannot safely say your device is fully safe or unsafe without knowing:

  • The exact phone model
  • The manufacturer
  • The current Android security patch level
  • Whether the bootloader is locked
  • Whether the device is still in official support

Without that information, the most accurate answer is that USB tethering itself is not a major red flag, but an out-of-support phone becomes progressively less trustworthy for any security-sensitive role.

What you should check now

On the phone, verify:

  • Security patch level
  • Google Play system update version
  • Whether developer options and USB debugging are off
  • Whether the device is still within the vendor’s update policy

If the phone is still getting security updates, using it for USB tethering only is generally reasonable for normal home use.

If the phone is no longer receiving updates, I would treat it as acceptable only for lower-risk tasks and plan to replace it sooner rather than later.

When to upgrade sooner

Upgrading earlier makes sense if:

  • The device is already out of support
  • The last security patch is many months old
  • The vendor has a poor update history
  • You also use the phone for email, passwords, 2FA, or account recovery
  • You want a longer-term security baseline

A recent Samsung device is a sensible choice in general because many models now get relatively long security support compared with a lot of Android vendors.

Bottom line

For USB tethering alone, an Android 13 phone is not likely to be remotely compromised just because someone knows your phone number. The bigger issue is whether your specific device is still patched and supported. If it is still receiving updates, using it for PC internet sharing is generally reasonable. If it is out of support, I would avoid trusting it for anything important and move the upgrade forward.

If you want the most reliable conclusion, check the exact model’s support status and current security patch level and follow the vendor’s official update policy.
 
  • Like
Reactions: nonamebob567
Bot said:
Android 13 is not automatically unsafe for USB tethering, but the real risk depends on whether your phone is still receiving security updates from its manufacturer.

What matters most

  • Android version alone does not tell the full security story.
  • A phone on Android 13 with current security patches can be significantly safer than a newer Android version that is badly maintained.
  • If your device no longer gets monthly or quarterly security updates, its exposure to known vulnerabilities increases over time.

About USB tethering risk

Using your phone for USB internet sharing to a PC is generally a lower-risk activity than installing unknown apps or exposing services directly to the internet.

In normal use, USB tethering does not mean someone can hack your phone just by knowing your phone number.

For that to happen, there would usually need to be a specific remotely exploitable vulnerability in:

  • The cellular baseband
  • The phone app / messaging stack
  • The network stack
  • A vendor-specific service

Those types of attacks do exist in the real world, but they are not typically something random attackers can do at scale just from having a phone number. They are usually more relevant in targeted attacks, high-value targets, or when a device has serious unpatched flaws.

Practical risk assessment

Based on what you described:

  • Not installing shady apps helps a lot.
  • Keeping Google apps updated is useful, but it does not replace full system security patches from the phone maker.
  • Not giving your number out widely slightly reduces nuisance targeting, but phone numbers are not secret in any strong security sense.

So for ordinary daily USB tethering, your risk is probably more influenced by:

  • Whether the phone still receives security patches
  • Whether the PC you tether to is clean and updated
  • Whether USB debugging is disabled
  • Whether you avoid unknown cables, accessories, and apps

Important limitations

I cannot safely say your device is fully safe or unsafe without knowing:

  • The exact phone model
  • The manufacturer
  • The current Android security patch level
  • Whether the bootloader is locked
  • Whether the device is still in official support

Without that information, the most accurate answer is that USB tethering itself is not a major red flag, but an out-of-support phone becomes progressively less trustworthy for any security-sensitive role.

What you should check now

On the phone, verify:

  • Security patch level
  • Google Play system update version
  • Whether developer options and USB debugging are off
  • Whether the device is still within the vendor’s update policy

If the phone is still getting security updates, using it for USB tethering only is generally reasonable for normal home use.

If the phone is no longer receiving updates, I would treat it as acceptable only for lower-risk tasks and plan to replace it sooner rather than later.

When to upgrade sooner

Upgrading earlier makes sense if:

  • The device is already out of support
  • The last security patch is many months old
  • The vendor has a poor update history
  • You also use the phone for email, passwords, 2FA, or account recovery
  • You want a longer-term security baseline

A recent Samsung device is a sensible choice in general because many models now get relatively long security support compared with a lot of Android vendors.

Bottom line

For USB tethering alone, an Android 13 phone is not likely to be remotely compromised just because someone knows your phone number. The bigger issue is whether your specific device is still patched and supported. If it is still receiving updates, using it for PC internet sharing is generally reasonable. If it is out of support, I would avoid trusting it for anything important and move the upgrade forward.

If you want the most reliable conclusion, check the exact model’s support status and current security patch level and follow the vendor’s official update policy.
Click to expand...
Device no longer recives security patches from the manufacturer.
 
  • Like
Reactions: Khushal, Sampei.Nihira and Zero Knowledge
nonamebob567 said:
Device no longer recives security patches from the manufacturer.
Click to expand...
If the device no longer receives manufacturer security patches, then the main issue is not USB tethering itself, but that the phone is now a growing security risk over time.

What that means in practice

  • USB tethering does not by itself make the phone especially dangerous to use.
  • However, an unsupported phone can remain exposed to known vulnerabilities that will no longer be fixed.
  • Google app updates and Play system updates help a little, but they do not replace full vendor security patches.

So for your specific use case:

  • Using it for basic USB internet sharing is usually still lower risk than using it for banking, password management, or sensitive account access.
  • It is not accurate to say someone can easily hack it just by knowing your phone number.
  • But it is also not something I would call reliably secure anymore, because unpatched devices become harder to trust with time.

Risk level

For an average home user, the risk of immediate remote compromise just from tethering is still relatively low.

The bigger concern is cumulative exposure:

  • Cellular or network-related vulnerabilities
  • Browser or media parsing vulnerabilities
  • Vendor-specific flaws
  • Any future exploit that affects your model and remains permanently unpatched

That does not mean compromise is likely tomorrow, but it does mean the margin of safety keeps shrinking.

Reasonable use vs. use to avoid

Still relatively reasonable for now:

  • Basic web access
  • USB tethering for a PC
  • Non-sensitive everyday use with caution

Better avoided:

  • Banking and payments
  • Storing important passwords
  • Using it as a primary 2FA or account recovery device if possible
  • Handling sensitive work or personal data

If you must keep using it until replacement

  • Keep USB debugging turned off
  • Install apps only from Google Play
  • Remove apps you do not need
  • Keep Chrome, Android System WebView, Google Play services, and all apps updated
  • Do not root the device or unlock the bootloader
  • Avoid public charging ports and unknown USB accessories
  • Keep the PC you tether to fully updated and clean

Upgrade timing

If the phone is already out of support, I would not wait until 2027.

A more cautious approach would be to replace it sooner, especially if it also handles:

  • Email
  • 2FA codes
  • Account recovery
  • Personal documents
  • Any financial or identity-related activity

Bottom line

If your phone no longer gets manufacturer security patches, it is no longer a good long-term security choice. For USB tethering alone, the risk is still not the same as “someone can hack me just from knowing my number,” but the device should now be treated as low-trust. Using it temporarily for tethering is usually acceptable with care, but I would move the upgrade forward rather than keeping it until 2027.
 
  • Like
Reactions: Sampei.Nihira and nonamebob567
In general, it's safe to use and won't be immediately compromised just because it stops receiving security updates. I recommend staying up-to-date with Android security news, which you'll find if you regularly browse the MT forum. For added security, don't save any sensitive data on your phone (just to be safe, there's no need to worry), and use a supported password manager to store your passwords instead of the default Android password manager or browser.
 
  • Like
  • Wow
  • +Reputation
Reactions: nonamebob567, Halp2001, Khushal and 3 others
Would you use Windows without doing Patch Tuesdays ? While keeping safe cyber hygeine ? Of course it is unsafe. There are varying degrees of un-safe-ness depending on what bugs the patches fix. A remote code execution bug is the worst, an attacker can tap on his computer and you get hacked. A privilege escalation bug is less so, the attacker has to be inside your box and execute this privilege escalation exploit. A security bypass is somewhere between the two.

Now look at the Android. The bugs may not be classified as neatly for you ( I don't know ) but the same classes of bugs exist.

Now look at this month's Patch Tuesday. 96 Privilege escalations. 20something RCEs. I am not saying for sure that Androids have this many bugs. Google's programmers maybe way better than MS's, but where's the chance of that? I remember many years ago my Android was hacked to smithereens.

Not patching is just asking for trouble. And if you are like most young people, you use your phone more than you use Windows. Which underlines the necessity of security on your cell phone.
 
Last edited:
  • Like
  • +Reputation
Reactions: nonamebob567, Halp2001, Khushal and 4 others
Last edited:
  • Like
  • +Reputation
  • Hundred Points
Reactions: TairikuOkami, nonamebob567, Halp2001 and 5 others
Besides those precautions and usage limitations mentioned you can strengthen your expired-android phone as below

1) If the phone comes with strong hardware security chip for protection, use it. Premium Samsung phones come with strong hardware protection, KNOX. Others include iPhone, Google Pixel, Honor etc also come with strong hardware security protection.
2) Make use of features in the phone's Security and Privacy settings to strengthen security/privacy
3) Use 3rd-party sandbox app to isolate apps besides the default sandbox by android e.g. Island, Shelter, Insular etc
4) Use App Lock to lockdown your apps and/or Hide them
5) If the phone comes with a Encrypt/Decrypt feature use it e.g. Private Safe in OPPO phone, Secured Folder in Samsung phone etc. The file manager will not be able to see the files as they are stored in an encrypted space designed for privacy protection. The best is to get a 3rd-party app to encrypt your data (files). This is to prevent any backdoor or phone sending data back to phone manufacturer
6) Fake(spoof) your GPS location using Surfshark VPN besides its VPN function
Most smartphones nowadays have a GPS function that allows you to find your exact location. This function is often used by applications requiring your physical location to provide the service or specific features. Some examples of such apps would be:

- Uber (finds your location so the driver would know where to pick you up)
- Google Maps (indicates your physical location as a starting point of your chosen route)
- Snapchat (shows your location on the map, so your friends know where you are)

If you enable this feature on the Surfshark app, it will automatically match your GPS location with your chosen server's location. That will be useful if:

- Don’t want apps to see your location at all times
- Wish to use an app that only provides its service in specific countries

7) Use a strong AV like BitDefender Mobile Security
8) Use privacy/security browsers like Brave and Firefox
 
Last edited:
  • Like
  • Hundred Points
Reactions: TairikuOkami, nonamebob567, Khushal and 4 others
It's a pity that cell phone companies now use security patches as a leverage to get you to upgrade your phone. The norm seems to be 6 yrs of patches ? i maybe wrong. But look at DELL, they provide drivers, bios updates for 9 yrs ! I think cell phone companies shouldn't be that greedy.
 
  • Like
  • Hundred Points
  • Applause
Reactions: nonamebob567, Halp2001, Khushal and 2 others

You may also like...