I noticed a TCC issue in iOS 26.1 where the Hacker Feed app (com.kentoh.hackerfeed) gets access to an undocumented service called kTCCServiceLiverpool without any permission prompts.

This was observed on my iPhone 14 Pro Max, and while the exact behavior may vary on other devices or iOS versions, it clearly demonstrates a framework-level flaw. The developer isn’t doing anything wrong... this looks like a mistake in iOS itself.

A mainstream HN reader exposes a hidden TCC gap that allows trusted apps to inherit permissions to undocumented system services... #irony