@mysk What approach are you using for those captures? A proxy/MITM with Wireshark or something on-device? Presumably the apps are using TLS, so having a root certificate installed is necessary to MITM them?