Inspecting traffic of popular iOS apps

Performing TLS decryption on my own phone to see what traffic gets sent out.

I installed a root CA on my iPhone and intercepted my own traffic on my firewall using Squid. Here’s a look at what your favourite apps call behind your back.

Official Apple apps

Phone app

It made calls to my mail server (presumably to fetch contacts).

Mail (with two on-prem Exchange accounts)

Called my Exchange servers only.


No traffic.

(Apple) Maps

Lots of calls to

App Store

Detected TLS inspection, so it’s using pinned certs. ‘Something went wrong’.

Social networks


LinkedIn primarily uses GraphQL for most API calls, and there is a tracking endpoint frequently called at I also found a “whoami” style endpoint at A media CDN at appears to be doing authentication correctly.

When I turned off DNS-based ad blocking, a little bit more is called, such as which seems to be an Apple tracking server. I also saw calls to


Nothing too weird. Seems to be mostly the same stuff you’d see on desktop:

  • (this one is Google’s network)


Weird one – it doesn’t seem to make calls to hostnames, instead calling a few IPs on port 443 on ASN 32934 (FACEBOOK).


Generally was very quiet. Some calls to Facebook, such as


Some calls to AWS.

Security / sysadmin apps


It made calls to the following endpoints:

  • a few other IPs

RD client (Microsoft RDP)

No unexpected traffic.


No unexpected traffic.

Self-hosting community favourites

Bitwarden (self-hosted server)

I saw no calls to the Internet 🙂


Nothing at all hitting the Internet.

Mastodon (not logged in)

No traffic.



Very noisy. Some common calls:




  • A few calls to their API
  • (presumably analytics)

Google Maps

As expected, a major offender:


Generally called its own stuff, but also DataDog and Google.



Hard to know – all calls went to CloudFront.


If you’d like me to decrypt another app, contact me and I’ll update this post. If you’re a developer and think I got something wrong here, let me know and I’ll take a look.