Character in iPhone Password Removed From Keyboard

There are some details in the Register article that make this case extra weird. iOS 26 only removed this particular character from the *lock screen keyboard*, not the regular keyboard that's in use when you normally type. What? I didn't realize there was a functional difference between the lock screen keyboard and other keyboards (besides appearance). Furthermore, the Register's testing indicates it wasn't even "removed", it just *stops being entered*: "The OS will not allow users to input the háček as a character. The key's animation triggers, as does the keyboard's key-tap sound, but the character is not entered into the string." This sort of makes it sound like a bug. Or maybe a security fix, but an incomplete one at best. Though this conflict's with the student's own account which says the key was actually removed and replaced with a different character.

They also link to a Reddit article where *multiple* people have been having this same problem, not just one person.

Also, how would you test against this case? Passwords are hashed so there's no way for the phone to know the existing password has a newly-illegal character. I guess just don't remove characters from the lock screen keyboard, ever? Or I suppose you would first have to do an interim update that still allows the character but prompts the user to change their password when they enter it.

"I guess just don't remove characters from the lock screen keyboard, ever?"

Yes, this. Removing a character from the login keyboard is such a dumb idea that it is immediately obvious that you can't do it without locking users out of their devices.

There should always be a backup way to enter a closed system like this. If your iPhone's touch display stops working, you can't get to it any more either, even though your data may still be there - but you can't then initiate a backup any more because you can't unlock it.

I'd think it should be possible that you save a special key code that can be read via the iPhone's physical data connector (USB connection) - and only for that one purpose, to prevent abuse. Maybe only with a special connector that only Apple's service has, but with a key that you can keep yourself (and thereby safe unless you need it). Other system provide something similar, where you can save a decryption key and print it and hide that, for instance.

But Apple would have to be willing to do something about it.

Also, I'd raise the question if Apple can be held responsible for practically bricking your device. After all, Apple forces these updates on you. If you take your care to a mandatory service and them break something, they also have to take resposibility and offer something in return for the damage. Why should Apple not have that resposibility?

What a dumb company. This is not mismanagement. It’s not (just) lack of or no QA. It’s mostly (just) dumb engineering that just don’t care.

> This is not mismanagement. It’s not (just) lack
> of or no QA. It’s mostly (just) dumb engineering
> that just don’t care.

I have no idea how that happened, but if it wasn't intentional, then this is 100% something that regression testing would have caught. If it is intentional, then it is 100% mismanagement.

Management should micromanage every single line that goes in. There is a thing called personal responsibility.

This issue likely happened like most of the issues of this kind happen. Something got rewritten without much thought going into understanding all the corner cases. The company is known to overemphasize "impact" over maintenance. That is mismanagement and broken incentives. But that still does not absolve engineering from personal responsibility.