[Mizza]

I had to do this recently and found a great tool for Android for sniffing traffic on the device called Packet Capture. It can even sniff SSL without root permissions by installing a self-signed certificate and running an in-app local VPN proxy. It also had a bunch of other nice features like parsing common protocols, showing the good bits of HTTP, etc. Much nicer than the approach described here (this article is from 2013), although it's certainly only for Android folk.

I don't think it's FOSS, but hopefully a FOSS alternative will come along and use this approach.

[TeMPOraL]

I've been using Packet Capture to get some data I wanted out of an app recently and in the process I started generally snooping around. What I saw disgusts me. First, just how much waste there is in communication - so many requests with so much JSON traffic for no real reason (except maybe laziness). Second - just how much various apps report on you. I've seen everything I could possibly imagine the phone could know about me and my operator sent to the various "motherships", sans actually transcribing my contact lists and messages. I'm not even going to ask what they do with this data.

I recommend the experience highly. Just be warned, you may not like what you see.

[nitrogen]

Usually it's just usage analytics, but the potential for abuse is great because individual data is still sent.