I would not be surprised AT ALL to find that they aren't doing certificate validation, however... in which case it'd be trivial to MITM the connection and find out just what they're sending.
Usage Data. As described in this section, we may automatically collect information when you use the Services ("Usage Data"). The Usage Data that we collect may include information such as your device data, including your mobile devices, sensor data, device signals, device parameters, device identifiers that may uniquely identify your devices, including your mobile device, web request, Internet Protocol address, browser type, browser language, referring/exit pages and URLs, platform type, the date and time of your request, and one or more cookies that may uniquely identify your devices or browser. IN ADDITION, WE MAY AUTOMATICALLY COLLECT LOCATION INFORMATION (INCLUDING LATITUDE AND LONGITUDE), PERFORMANCE DATA, MOTION DATA, TEMPERATURE DATA, POWER USAGE DATA, AND ANY DATA OR SIGNALS COLLECTED BY THE DEVICES AS PART OF THE USAGE DATA. WE DO NOT COLLECT THE CONTENTS OF ANY COMMUNICATIONS THAT PASS THROUGH OUR DEVICES OR SERVICES.
 - https://community.ui.com/questions/UI-official-urgent-please...
 - https://www.ui.com/legal/privacypolicy/#c1