after Apple removed a character from its Czech keyboard
I wonder what the thought process (or perhaps lack thereof) at Apple was. Did no one of the likely-somewhat-large team who did that think "wait, this could lock out our users who may have used that character"?
In the immortal words of Linus Torvalds: "WE DO NOT BREAK USERSPACE!"
Now one of the ways in might be those companies who claim to be able to break iPhone security for law enforcement and the like, but I'm not sure if they'd be willing to do it (at any price) unless you could somehow trick them into thinking you had some "interesting" data on there...
If I'd get a dollar for every annoying bug that Apple misses due to being hopelessly Bay Area brained, I'd probably get at least a free official Apple cleaning cloth every couple of years.
I agree with you and don't really get what Apple gets from removing a valid Czech character, but how would you test if all existing passcodes remain inputable without knowing the passcodes of all iPhone users?
The one way to do this that I could see is to include both the new keyboard and the old one and if someone fails to unlock with the new one auto report that to Apple (not the code, just that the unlock failed and that the keyboard might be the problem), then auto revert to the old keyboard on the next unlock attempt...
Probably the better solution is to include some kind of special lock-screen keyboard that provides some fallback mechanism to input any character. Presumably there are similar edge cases where someone creates a password using one keyboard, then switches keyboard layout, and now can't re-enter it using the active layout...
Indeed. For example, most desktop operating systems have a keybinding for «search for any Unicode symbol by name and input it». That would make sense to have as a fallback button on a virtual keyboard too.
The iOS emoji selector is close in UI/UX already, but the search is restricted to the emoji range of Unicode.
You can but you have to tie it to actual devices and a point in time, not simply a specific OS version. Essentially, all devices that existed before the change must still support the old set of characters and devices produced (or sold or activated) afterwards can support the reduced set.
Or wait until a future OS version that will not support any device currently in existence.
This fails if they let you keep your password migrating between devices, though, so you probably need a version somewhere in the middle that flags it as an issue and flags it as not allowing migration without changing the passphrase.
You need to not just force the update, but also forbid using pre-updated ones in migration, since someone might conceivably have an off-for-many-years device they wake up and want to migrate.
The long tail of stupid edge cases is very long indeed.
Yes, it really is that simple. They chose that responsibility the moment they allowed those characters. Any deductions done after that need to have a failsafe with the expectation they will break a clueless user's device.
Phased roll-out. You first introduce a version that still accepts all extant inputs but will actively warn that there are characters that will be removed in a future release.
Then you wait. Then you roll out a version where the new functionality is flipped on by default, but where you still allow to explicitly toggle to the old one. Then you wait some more.
And then - only then - you roll out a release where the old functionality has been removed entirely.
That’s dangerous. Apple fooled me with the iOS 26 glass theme, it’ll be a while before I install another major update from them. I know many people still on iOS 18. I doubt many of them will update until either Apple fixes their UI/UX or they upgrade to an Android.
Meh, I think you keep the old keyboard and set a password expiry. New passwords use the new keyboard. Or, if you're in a rush to remove the old code, _after_ next login you require password replacement and use the new onscreen keyboard from then.
And perhaps also introduce an upgrade blocker, as the keyboard app notifies the system of a situation that would be unsafe to upgrade to newer releases
You can guarantee it by not removing characters from the keyboard used for password entry. If the set of characters available before the change is a subset of or equal to the set after the change, then all existing passwords must still be enterable.
If allowing that character in the first place was a mistake, then Apple has pushed the consequences of their mistake onto the users instead of owning the mistake and keeping that character available forever on existing devices.
There is a list of valid characters accepted for a passcode. That list was created, the characters debated, and a consensus reached by Apple engineers (I hope, for all our sakes. I don't want to imagine a world where this bare minimum level of engineering diligence wasn't done by a trillion dollar company)
Just have an automated keyboard test for every new release to ensure those characters aren't broken.
That's the thing: you don't! The charset for passwords should be always inputable even if no one is using it.
If you wanted to reduce the size of the charset, you'd basically create a transition plan, and ask everyone in the world with a passcode to set a new passcode and validate that against the new charset/rules. A company that can perfectly transition the world from x86 to ARM can surely manage that.
It's literally a matter of an automated test that sets a password using every character on every possible keyboard type, then tries to type that password in on the lock screen. There's not even that many keyboards, that test would take what, an hour to run?
Right, but this test basically means you can't ever remove a character if it was ever present. I was assuming that you still want to remove it (for some reason) and wondering how to safely test the change.
You create two keyboards and use them both and test them separately. Then you create a keyboard update flow. And you test that. Then you make sure you test that the old keyboard shows until the user changes their password.
A very simple alternative also would have to have provided a way to do a rollback to previous version until first complete boot after update at least. Would probably also cover for other kinds of problems.
> The Czech layout isn't exactly an obscure edge case.
From what I understand, the problem wasn't with typing characters actually used in the Czech language such as á, ř or ů. The problem was with typing the ˇ character by itself, which is normally encoded in Unicode as U+02C7 (CARON), but there also is a combining version (U+030C, COMBINING CARON), which is what gets printed if there is no precomposed character (e.g. š is both U+0161 and U+0073 U+030C). There is a thing called Unicode normalization that makes "identically looking" strings actually use the same codes, so maybe it was that thing that changed a bit (maybe even somewhere else and not in the lockscreen/keyboard logic), or they could have just removed the ability to type ˇ by itself altogether since it's not something actually used in any language or writing style and most often comes up as a result of a typo.
People have had the same issue with broken screens (and not just on iPhone).
Your touch screen stops working. You want to dump the data by plugging it into the computer. To do that, you need to click "approve" or "trust" or whatever on a touch screen. A touch screen which.... stopped working.
We have definitely moved much, much too far towards security on the security vs. convenience tradeoff. We need a "I am not a human rights activist, I neither understand nor need all of this stuff" mode.
In my book this is proof that Apple has lost control over QA, which is a massive failure, not just some minor hiccup. This has degraded the iPhone from an important tool you rely on to a toy you can afford to lose any second. Everyone needs to draw their own conclusions from that.
I wonder what the thought process (or perhaps lack thereof) at Apple was. Did no one of the likely-somewhat-large team who did that think "wait, this could lock out our users who may have used that character"?
In the immortal words of Linus Torvalds: "WE DO NOT BREAK USERSPACE!"
Now one of the ways in might be those companies who claim to be able to break iPhone security for law enforcement and the like, but I'm not sure if they'd be willing to do it (at any price) unless you could somehow trick them into thinking you had some "interesting" data on there...