Apple update looks like Czech mate for locked-out iPhone user
theregister.com
314 points by OuterVale 11 hours ago
> During in-house testing, which involved taking an iPhone 16 from iOS 18.5 to iOS 26.4.1, The Register found that Apple has kept the háček in the Czech keyboard, but removed the ability to use it in a custom alphanumeric passcode. The OS will not allow users to input the háček as a character. The key's animation triggers, as does the keyboard's key-tap sound, but the character is not entered into the string.
Sounds more like an actual bug than a decision to change the keyboard layout, if this happens only in the passcode screen?
I remember something like 10 years ago there was an article here in HN, where someone created a user on macOS with password out of emojis.
Then he couldn’t login, because login screen does not have a special character keyboard.
EDIT: found it https://news.ycombinator.com/item?id=10742351 (apparently I remember it slightly wrong, but idea still the same)
I think the biggest lesson here is to back up. The reason for losing access to the phone is amazingly dumb but it could have fallen down the stairs for basically the same effect.
And do your cloud backups cross-provider. You never know what the "big players" are going to pull, and your lifetime customer value is less than the cost of a single support call.
> your lifetime customer value is less than the cost of a single support call
yes that is the pattern, pioneered by Google here in California
This is exactly the reason why I keep all my shit on an SD card despite Google deliberately making the external storage experience as painful as possible: slow access, broken writes, failed unmounts, no filesystem repair. Literally every time I restart my phone I need to put the card to my PC and repair the filesystem. Also, same card works extremely well when plugged into PC via random cheap USB card reader.
On PCs you still have Linux that resists enshittification and you can pick your own hardware, but it's a really sad state of affairs that there is literally no meaningful mobile system that isn't actively hostile to the user.
There’s a number of mobile Linux distributions around, some even run Android apps.
People need to wake up to the fact that Android has become iOS but worse.
I just have a cheap second hand PC with a couple of good drives running LAN only Immich and a few other backup tools. This, in parallel to cloud backup, makes the setup both mobile and reasonably fault tolerant.
I'm quite wary of using SD card for backup. Too easy for me to lose.
The thing that bothers me about Android is the gimped file manager.
You want to access some files off your network using smb? Here install this third party tool and don't forget to give it full read/write access to your device.
Your case is obviously not this, but SD cards aren't a great primary drive, as Raspberry Pi power users sometimes discover. Their durability can be unpredictably spotty.
Biggest lesson is Apple should allow you to downgrade OS, especially on old devices.
Or release some sort of open version once device is EOL'd.
Even if they did, would you recommend them allowing the downgrade without the passcode? Any action that requires a passcode doesn't help this user.
Then an attacker could load an older, exploitable OS and gain access.
Weirdly I care more about my rights as the owner of the device than the rights of a theoretical attacker.
I’m all for a system that allows you to wipe the device to do a downgrade or upgrade (just like any PC with an unset bios password allows) but the idea that it’s a good design for someone without my OS password to be able to downgrade my OS or perform any operation on my OS is insane.
What’s even the point of setting a password if anyone can manipulate the system without entering it in?
The entire iPhone OS is on an encrypted volume and that is the right design choice. Not having the password means no access.
There is no general purpose encrypted volume operating system that allows unauthenticated users to perform OS manipulation. If you encrypt your FreeBSD, Linux, or Windows volume, the result is the same: no password, no access.
Your choice is to enter the correct password or wipe the disk.
The fact that Apple doesn’t allow you to set up a system without full disk encryption is not a user freedom issue, it’s a very sensible design choice especially for a device sold primarily to non-technical consumers who don’t understand the security implications of leaving the volume unencrypted.
The issue here isn’t that iOS security is designed wrong, the issue is that Apple broke basic password entry with an update.
Shame on Apple for having such lazy software development practices when it comes to implementing updates like this.
Yeah I agree that a downgrade that always results in a full wipe is a good compromise.
So don’t buy an iPhone if you don’t care about the security of your device and personal information. That would introduce a massive security hole that would negatively affect far more users than it would help.
I doubt that. The group of people you're talking about are those who have their phone maliciously stolen by people who are actively working to hack/exploit their way into the devices and then actively exploit the information stored on them. That is an utterly negligible percent of users, or even of users who have their phone stolen. The overwhelming majority of thieves of intent move the devices onto professional orgs that wipe them, jailbreak them, package them, and then ship them on to other entities that resell them.
The percent that might want to choose a different-than-latest version of OS would also of course be quite small, but I suspect it would be orders of magnitude larger than the other group we're speaking of just because that group of people is going to be so absurdly tiny.
In this world stolen iPhones are mostly worthless because they can’t easily be wiped without the password.
In your world, they could be.
I imagine iPhone thefts would go way up. They’re worth $1000 and we just carry them everywhere - if they were easily resellable it would be a very obvious quick-money theft opportunity.
iPhones are currently the primary target of thieves by an overwhelmingly wide margin. There are many ways to wipe them and it's an industry in its own right. One of the most common, as always, is simple social engineering. They contact the victim posing as Apple, convince them to reveal their credentials in this way or that, wipe the device and away they go. If that fails they're stripped down and sold for parts, which is also reasonably lucrative.
I don't know for certain why thieves are generally not typically interested in abusing user data, but I'd imagine it's because the penalties if caught would go way up. That'd go from what is generally just petty theft, which carries a slap on the wrist, to wire fraud and a whole slew of other charges, which can leave people spending most of the rest of their life in prison.
That’s all true, but it is also true that iPhone theft is relatively rare.
My assertion is that there would be way, way more theft if you could just downgrade and wipe.