Can I monitor app network traffic on my phone

Yes. On iOS, apps like Charles Proxy (paid) can intercept traffic. On Android, tools like PCAPdroid (free, open source) capture network traffic without root access. For more detailed inspection, you can route phone traffic through a computer running mitmproxy or Wireshark. These tools show you exactly what servers the app contacts and what data it sends.

What permissions should an on-device period tracker have

A truly on-device tracker needs very few permissions. It should not need network access for core tracking. It should not need access to contacts, location, phone identity, or camera. Notifications and local storage are reasonable. If an app claiming on-device storage requests network access, location, or contacts, investigate why.

Is open-source code the most reliable way to verify on-device storage

Open-source code allows anyone to inspect the app's behavior, making false claims about data storage much harder to sustain. However, verifying that the published source code matches the compiled app distributed through app stores requires additional technical steps. Open source is a strong signal of trustworthiness, but network traffic monitoring verifies actual runtime behavior regardless of source availability.

privacy-in-practice

How to Verify an App Actually Stores Data On-Device

Period tracker apps claim on-device storage, but network traffic and permission audits reveal what's really happening. Here's how to check if your app is telling the truth.

Why Marketing Claims Are Not Enough Every period tracker with privacy ambitions now claims some version of data protection. Terms like "your data stays on your device," "privacy first," and "we don't sell your data" appear across app store listings regardless of actual architecture. The Flo FTC settlement demonstrated the gap between marketing and reality. Flo's privacy claims did not match its actual data sharing with Facebook and Google analytics. Users who trusted the marketing had their health data shared with advertising platforms. Verification requires looking at what the app actually does, not what it says it does. Method 1: Permission Audit (5 Minutes) The fastest check is reviewing what permissions the app requests. Permissions reveal what system resources the app accesses, and on device only apps need very few. On iOS: Settings Privacy & Security shows which apps have access to each permission category. Also check Settings App Name for app specific permissions. On Android: Settings Apps App Name Permissions shows granted and denied permissions. What to look for: Permission On device app Cloud based app Network/Internet Not needed for core features Required Location Not ne