by bilalq 1911 days ago
An hourly cache may not be up-to-date enough for many use-cases. But sure, let's say you have some caching on a timed interval and those are all the requests you see. Unless you block all outbound requests from the app, you still can't guarantee it's not reporting on you.

Imagine if you saw a header on the request that looked like:

```
Authorization: Bearer A17b2C23kd231h12309
```

That might look totally safe/normal at a glance. It's just an auth header, right? But who's to say there isn't extra info embedded in there? Maybe "A" means a conversion between USD to Euros and the number after it refers to the number of times such a query was made in the last hour. Maybe the letter after it is a signal for the order of magnitude of the largest unit amount (tens, thousands, millions, etc).

I have little hope of end users (including myself) ever being able to reliably confirm/disconfirm the privacy impact of closed source apps unless network access is completely cut off. Even if I monitored requests in Little Snitch, who knows what clever encoding schemes can be used to leak out data through requests that appear benign. That's not to say it's not useful to do so (many, if not most, malicious apps like that would probably not bother to cover their tracks that well).
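As an added illustration of the review problem the comment describes (this is example code, not something from the commenter or from any real app), the script below runs a simple heuristic over a constructed list of outbound requests: it flags hosts whose bearer token changes between requests and reports the character entropy of each token. The hosts, header values and the `SAMPLE_REQUESTS` list are all made up. The point it makes in code is the one the comment makes in prose: a per-request-varying opaque token is consistent with data being tucked into the header, but it is also exactly what a legitimate short-lived token looks like, so this output is a lead for manual review, never a verdict.

```python
"""Heuristic review of captured outbound Authorization headers.

Added example (not from the original comment). Given records of the form
(host, Authorization header value), report hosts whose bearer token is not
stable across requests, plus the Shannon entropy of each distinct token.
Legitimate token rotation produces the same signal, so treat hits as
candidates for closer inspection rather than proof of leakage.
"""
import math
from collections import defaultdict

# Constructed sample data: (destination host, Authorization header value).
# The token values are invented; the first one mirrors the comment's example.
SAMPLE_REQUESTS = [
    ("api.example.com", "Bearer A17b2C23kd231h12309"),
    ("api.example.com", "Bearer A17b2C23kd231h12309"),
    ("telemetry.example.net", "Bearer A17b2C23kd231h12309"),
    ("telemetry.example.net", "Bearer B03c9D11ke998h00417"),
    ("telemetry.example.net", "Bearer A02a4C19kf117h20981"),
    ("cdn.example.org", "Basic dXNlcjpwYXNz"),  # not a bearer scheme; ignored
]


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution.

    Low entropy (e.g. repeated characters) is unusual for a random token;
    high entropy alone says nothing, since real tokens are random too.
    """
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def bearer_token(auth_value: str):
    """Return the token part of a 'Bearer <token>' header, else None."""
    scheme, _, token = auth_value.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def flag_varying_tokens(requests):
    """Map host -> number of distinct bearer tokens, for hosts where the
    token changed between requests. Hosts with one stable token are omitted."""
    seen = defaultdict(set)
    for host, auth in requests:
        tok = bearer_token(auth)
        if tok is not None:
            seen[host].add(tok)
    return {host: len(toks) for host, toks in seen.items() if len(toks) > 1}


def token_report(requests):
    """Map host -> sorted list of (token, entropy rounded to 2 dp) for the
    hosts flagged by flag_varying_tokens, to hand to a human reviewer."""
    flagged = flag_varying_tokens(requests)
    report = defaultdict(set)
    for host, auth in requests:
        tok = bearer_token(auth)
        if host in flagged and tok is not None:
            report[host].add((tok, round(shannon_entropy(tok), 2)))
    return {host: sorted(entries) for host, entries in report.items()}


if __name__ == "__main__":
    for host, entries in token_report(SAMPLE_REQUESTS).items():
        print(f"{host}: {len(entries)} distinct bearer tokens")
        for tok, ent in entries:
            print(f"  {tok}  entropy={ent} bits/char")
```

Running it against the constructed sample flags only `telemetry.example.net`, where three different tokens were sent; `api.example.com` reused one token and is silent. Whether that rotation is an OAuth refresh or something else is precisely the question the heuristic cannot answer, which is the comment's point.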