From a recent Google post, it looks like Android P will be preventing apps from using unencrypted connections by default. Google released the first Android P developer preview recently, and in that release, the Network Security Configuration feature was updated to block all
cleartext traffic (unencrypted HTTP) on an Android P device. This looks to be good news for all of those concerned about security on an Android device.
Google is now focusing on using TLS (Transport Layer Security) protocol to secure data traffic going in and out of an Android device. For clarity, think of this as the additional layer of encryption over HTTP, which most people now know as HTTPS. Simple HTTP connections are prone to attacks, stealing information while data is in transit, or hackers could also insert some malicious data into your device’s data transfers. Most websites have transitioned to HTTPS. With Android P, it looks to be the same for Android apps.
Google is now advising developers to update their apps and make sure that they support the TLS protocol if they haven’t done so already. In case a developer requires their app to send
cleartext traffic for any reason, they will have to specify the domains where their data is going to in the app’s network security configuration documentation.
If you need more information on this, check out the source link below. The answers to common questions about the TLS protocol should be found there.