Introduction


Attack vector

The attack vectors for this issue are usually public Wi-Fi hotspots, because traffic on them is easier to monitor, and that is what this issue is built around. An attacker will try to find any communications over the network that are not protected and sniff the information from those requests.

A very clever attacker might even be able to listen for this kind of traffic on the carrier network (routers, cell towers, proxies, etc.). This is not easy, however; in fact, it is a lot harder because of all the security measures taken by the carrier network.

Security Weakness

We can notice a trend of mobile applications that do not encrypt their traffic and thus expose their users to data leakage. Developers often think about using TLS/SSL during authentication but not for anything after that, and the user will never even notice because they cannot easily see which traffic is encrypted and which is not.
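The pattern described above (TLS for the login, plain HTTP afterwards) can be checked from a request capture taken by a test proxy on a device you control. The following is an added example, not code from the original page; the capture format, the host names and the lists of sensitive header and parameter names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed names of headers/parameters that carry credentials or session state.
SENSITIVE_HEADERS = {"authorization", "cookie", "x-api-key"}
SENSITIVE_PARAMS = {"token", "session", "sessionid", "password", "email", "username"}

# Constructed sample: requests recorded by a test proxy while using an app
# on a device you control. Hosts and values are placeholders.
SAMPLE_CAPTURE = [
    {"method": "POST", "url": "https://api.example.test/login",
     "headers": {"Content-Type": "application/json"}},
    {"method": "GET", "url": "http://api.example.test/profile?username=alice",
     "headers": {"Cookie": "session=PLACEHOLDER"}},
    {"method": "GET", "url": "https://api.example.test/messages",
     "headers": {"Authorization": "Bearer PLACEHOLDER"}},
    {"method": "GET", "url": "http://cdn.example.test/logo.png", "headers": {}},
]


def find_cleartext_leaks(capture):
    """Return one finding per plain-HTTP request, listing the sensitive fields it exposes."""
    tls_hosts = set()  # hosts the app has already spoken TLS to
    findings = []
    for req in capture:
        parts = urlsplit(req["url"])
        host = parts.hostname
        if parts.scheme == "https":
            tls_hosts.add(host)
            continue
        if parts.scheme != "http":
            continue
        exposed = sorted(h.lower() for h in req["headers"] if h.lower() in SENSITIVE_HEADERS)
        exposed += sorted(k.lower() for k, _ in parse_qsl(parts.query) if k.lower() in SENSITIVE_PARAMS)
        findings.append({
            "url": req["url"],
            "exposed": exposed,
            # True when the same host used TLS earlier, e.g. for login only.
            "tls_used_earlier": host in tls_hosts,
        })
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_leaks(SAMPLE_CAPTURE):
        print(finding)
```

A finding with `tls_used_earlier` set and a non-empty `exposed` list is the case to fix first: the app already speaks TLS to that host but sends session data to it in the clear.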

As security researchers, what we need to do to test for this issue is twofold:

Impact

Any calls that should be protected by TLS/SSL but are not are going to leak data, and this can be anything ranging from a username to a user's complete data. If the attacker is able to intercept requests from an admin of a website, even more damage can be done, and it can lead to a full site takeover.

The more sensitive your data is, the higher the impact of this issue will be. If the attacker is able to intercept the user's data, this issue could even lead to identity theft. Here are some things we need to look out for: