I have little hope of end users (including myself) ever being able to reliably confirm/disconfirm the privacy impact of closed source apps unless network access is completely cut off. Maybe the letter after it is a signal for the order of magnitude of the largest unit amount (tens, thousands, millions, etc). It's just an auth header, right? But who's to say there isn't extra info embedded in there? Maybe "A" means a conversion from USD to Euros and the number after it refers to the number of times such a query was made in the last hour. That might look totally safe/normal at a glance. Imagine if you saw a header on the request that looked like:

Authorization: Bearer A17b2C23kd231h12309

Unless you block all outbound requests from the app, you still can't guarantee it's not reporting on you. But sure, let's say you have some caching on a timed interval and those are all the requests you see. An hourly cache may not be up-to-date enough for many use-cases.