> how would you test if all existing passcodes remain inputable without knowing the passcodes of all iPhone users?

You basically can't ever remove an available character.

That includes emojis if they're allowed in IOS passwords.

You can guarantee it by not removing characters from the keyboard used for password entry. If the set of characters available before the change is a subset of or equal to the set after the change, then all existing passwords must still be enterable.

If allowing that character in the first place was a mistake, then Apple has pushed the consequences of their mistake onto the users instead of owning the mistake and keeping that character available forever on existing devices.

Phased roll-out. You first introduce a version that still accepts all extant inputs but will actively warn that there are characters that will be removed in a future release.

Then you wait. Then you roll out a version where the new functionality is flipped on by default, but where you still allow to explicitly toggle to the old one. Then you wait some more.

And then - only then - you roll out a release where the old functionality has been removed entirely.

You assume the worst case: every character that could ever have been entered is in use.

If passwords are Unicode then you need a way to input arbitrary Unicode (e.g. a Character Map dialog).

There is a list of valid characters accepted for a passcode. That list was created, the characters debated, and a consensus reached by Apple engineers (I hope, for all our sakes. I don't want to imagine a world where this bare minimum level of engineering diligence wasn't done by a trillion dollar company)

Just have an automated keyboard test for every new release to ensure those characters aren't broken.

It's literally a matter of an automated test that sets a password using every character on every possible keyboard type, then tries to type that password in on the lock screen. There's not even that many keyboards, that test would take what, an hour to run?

A very simple alternative also would have to have provided a way to do a rollback to previous version until first complete boot after update at least. Would probably also cover for other kinds of problems.