tinyCam dev here.
Do not trust any cloud cameras, e.g. Wyze, Nest, Arlo, etc. Period. All credentials are stored on server and service admins have access to them. So they can view video from your camera and watch recorded video stored on AWS if they want to. And you will not be able to notice that.
Wyze uses P2P developed by TUTK for live view and HTTPS for getting credentials and uploading video to AWS.
TUTK P2P protocol is quite strange. I do not see valid description of P2P protocol and open source implementation. TUTK provides precompiled binaries for every P2P camera manufacturer, e.g. Wyze. I highly doubt that it is secured. AES 128 does not mean anything IMHO. There can be still backdoor. HTTPS protocol is secured.
Wyze made some improvements over TUTK P2P for encrypting credentials. At least TUTK admins will not have access to your live stream (if there is no backdoor of cause).
P.S. You should not trust apps as well. However it is always possible to decompile Android apps and check what the app is doing.