iPhone app's traffic not sniffable

Question

I've got quite a bit of experience using Charles to sniff out traffic being sent out on my iPhones. Almost every app that I choose to reverse engineer has been possible in large part to cURL and Charles. But, for some reason, this one app called Link seems to have a different way of communication with their server. I looked through my entire Chalres session and didn't see any relevant traffic from this app to an API endpoint. I don't have much experience actually making mobile apps, so perhaps there are other ways to process all of the requests that have to be generated upon using the app. But, how could all of the user's data be stored if no requests are being sent from the app to an external server somewhere?

Answer 1

Charles is an HTTP proxy, it is possible another protocol is being used. Possibly directly using TCP/IP connections.

Wireshark will show all packets in gory detail but you will probably not be able to see encrypted data decrypted without the key.

And the Wireshark UI is something to behold. ;-)

Answer 2

Okay. Have a look at this post: http://www.doubleencore.com/2013/03/ssl-pinning-for-increased-app-security/

SSL pinning might be the answer.

Answer 3

If the app runs on SSL you wouldn't be able to sniff any traffic either way. I design my apps that way at least. Could this be the case? Does it use port 443 instead of port 80?