
And for websites, there's a better way to do OCSP. The web server using the certificate can get an OCSP response for itself (usually once every few minutes) and attach it to all TLS handshakes for that same domain ("OCSP stapling"). That way, clients get an up-to-date OCSP response, but without having to reveal their browsing behavior to the OCSP server.

Unfortunately, there is no obvious way to carry over this behavior to application binaries, since we're not dealing with a client-server architecture here.
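Added example, not part of the original comment: a minimal Go sketch of the stapling flow described above, in which the server attaches a cached OCSP response to its certificate and the client receives it inside the handshake without contacting any responder. The host name `example.test`, the function name `StapledResponse` and the staple bytes are constructed for illustration; a real server would staple the DER response fetched from its CA.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// StapledResponse runs one in-memory TLS handshake and returns the OCSP bytes
// the client received. staple is an opaque constructed stand-in, not real DER.
func StapledResponse(staple []byte) ([]byte, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{ // throwaway self-signed cert for example.test
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	// Server: the cached OCSP response rides along with the certificate.
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, OCSPStaple: staple}
	cRaw, sRaw := net.Pipe()
	defer cRaw.Close() // also unblocks the server goroutine
	go tls.Server(sRaw, &tls.Config{Certificates: []tls.Certificate{cert}}).Handshake()
	// Client: verifies the chain and never contacts an OCSP responder itself.
	client := tls.Client(cRaw, &tls.Config{RootCAs: roots, ServerName: "example.test"})
	if err := client.Handshake(); err != nil {
		return nil, err
	}
	return client.ConnectionState().OCSPResponse, nil
}

func main() { fmt.Println(StapledResponse([]byte("constructed-staple"))) }
```

Go's `crypto/tls` hands the stapled bytes to the caller without parsing them, so a real client still has to check the response's signature, certificate status and validity window before trusting it.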


