It’s an either-or type of question, actually.
Either they won’t get paid for cached app use, or they will.
-
If they won’t, then it’s a security problem that needs to be addressed
-
If they will, then the platform is open to abuse by GET request stuffing