Android APK HTTPS user certificates how-to
Starting with Android Nougat, Google changed the way apps handle user certificates:
Apps that target API Level 24 and above no longer trust user or admin-added CAs for secure connections, by default.
This means that certificates issued by applications like [Charles][charles] or [mitmproxy][mitmproxy] are no longer accepted, so these proxies won't work for HTTPS traffic.
This tutorial explains what needs to be done to overcome that restriction and be able to sniff any Android app's HTTPS requests.