Comment by PaulRobinson

99% likely they're using a REST API, which is... HTTP.

Even if it's gRPC or something more exotic, it'll be over TLS (you best hope it is).

You can have a webapp cached locally on your device. PWAs allow developers to create an SPA you can open from your homescreen, and to do that API interaction the same way as a native app.

I hope you and your family are well, and it's great that tech helped. But please, don't think that because this tech worked in this instance it can't be made safer and securer.