Many Android phone brands offer critical security updates only two years after a phone is released, even though customers may use the phone for up to six years, putting it at risk of hacking.

Even if the mobile phones appear to be functioning normally, users could be at risk of data theft or infection with ransomware or a range of other malware that could result in bills running into hundreds of pounds, warned consumer group Which?.

A new Which? report says that while recently out-of-support devices may not experience immediate issues, without security updates the risk of being hacked increases dramatically. It also says that phone users are unaware of the problem.

Mobile phones from brands like Apple (AAPL), Samsung (005930.KS) and Huawei lasted six years or more before needing to be replaced due to defects or performance issues. However, while Apple offers five or six years of software support, some Android brands only offer these important updates for two or three years.

READ MORE: Poor customer service could cost UK businesses £1.9 billion over the holidays

Which? believes brands need to be more transparent with consumers about their update policies and practices, and communicate clearly when a device is no longer supported.

These findings “further underline the importance and urgency of new laws proposed by the Department for Digital, Culture, Media and Sport requiring smart devices sold in the UK to meet basic security requirements,” the report said.

The consumer organisation is calling for strict measures to enforce the obligations of companies that disappoint their customers by failing to fulfil their obligations.

In a survey of more than 15,000 Which? members, a third of respondents (32%) said they had kept their mobile phone for more than four years.

The Which? survey found that only a handful (7%) of respondents cited a lack of ongoing support as a reason for replacing their phone, suggesting a lack of awareness of the issue.

Another problem highlighted by Which? is that without security updates, phones that might otherwise be in perfect working order cannot be used or resold after two or three years without putting their owners at risk. This exacerbates the UK’s growing e-waste problem as these devices are dumped in landfills.

SEE: What is the budget deficit and why is it important?