WhisperCatcher: Demystifying Unauthorized and Encrypted Private Data Transmission in Android Applications
The privacy issues associated with Android apps are raising growing concern. Unfortunately, a large portion of privacy breaches in Android apps cannot be accurately detected by existing approaches, especially when private data is collected without consent and transmitted in encrypted form. Even when existing studies are able to break encryption at the protocol level to recover the structure and content of traffic packets, they still cannot interpret data that the app encrypts at the code layer. To solve this problem, we propose WhisperCatcher, an automated tool for analyzing unauthorized and encrypted private data transmitted by apps. For each app, WhisperCatcher first captures the raw traffic generated during the app's startup phase, before the user consents to the privacy policy, and then extracts its semantic information. It then uses the traffic semantics to guide static code analysis and extract the key functions involved in transmission. Finally, it performs dynamic instrumentation analysis and recovers the encrypted data, thereby identifying unauthorized private data transmissions. Extensive evaluations show that WhisperCatcher significantly outperforms existing tools, achieving a recall of 91.38% and an F1-score of 95.49%. In addition, we conduct a large-scale measurement analysis on 14,879 apps, in which WhisperCatcher identifies 13,966 traffic flows from 4,966 apps that transmit private data prior to obtaining user consent, among which 3,838 (27.48%) flows contain app-encrypted data. Our findings highlight the potential privacy leakage risks in Android apps, which should be brought to the attention of the community.
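The gap described above, as an added illustration that is not WhisperCatcher's code or method: after TLS interception a request body is readable, yet pattern matching for identifiers finds nothing because the app encrypted the payload itself. The toy cipher, field names, identifier values and the printable-byte heuristic are all assumptions constructed for this example.

```python
import base64
import hashlib
import json
import re

# Simple identifier patterns a plaintext traffic scanner might use (assumed).
PII_PATTERNS = {
    "imei": re.compile(r"\b\d{15}\b"),
    "mac": re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I),
}

def toy_encrypt(plaintext: bytes, key: bytes) -> str:
    """Stand-in for an app's code-layer cipher: SHA-256 keystream XOR, then base64."""
    blocks = len(plaintext) // 32 + 1
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(blocks))
    return base64.b64encode(bytes(p ^ s for p, s in zip(plaintext, stream))).decode()

def find_pii(text: str) -> set:
    """Names of the identifier patterns that match the given text."""
    return {name for name, rx in PII_PATTERNS.items() if rx.search(text)}

def looks_app_encrypted(value, min_len=24, max_printable=0.8) -> bool:
    """Heuristic: a long base64 string whose decoded bytes are mostly non-printable."""
    if not isinstance(value, str) or len(value) < min_len:
        return False
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # not valid base64, so treat it as ordinary text
        return False
    printable = sum(32 <= b < 127 for b in raw)
    return printable / len(raw) < max_printable

def triage(body: str) -> dict:
    """Report identifiers visible in the body and fields that need code-level analysis."""
    fields = json.loads(body)
    return {
        "plaintext_pii": find_pii(body),
        "opaque_fields": [k for k, v in fields.items() if looks_app_encrypted(v)],
    }

# Constructed pre-consent request body as it appears after TLS interception.
SECRET = json.dumps({"imei": "356938035643809", "mac": "02:00:5e:10:00:01"})
BODY = json.dumps({"os": "android", "ver": "3.2.1",
                   "d": toy_encrypt(SECRET.encode(), b"constructed-key")})

if __name__ == "__main__":
    print("intercepted body :", triage(BODY))
    print("recovered payload:", find_pii(SECRET))
```

The scan of the intercepted body reports no identifiers and flags only field `d` as opaque, while the same patterns match once the payload's plaintext is available.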