Starting with Android Nougat, Google changed the way apps handle user certificates:
Apps that target API Level 24 and above no longer trust user or admin-added CAs for secure connections, by default.
This means that certificates issued by applications like Charles or mitmproxy are no longer accepted, so these proxies won't work for HTTPS traffic.
This tutorial explains what needs to be done to overcome that restriction and be able to sniff any Android app's HTTPS requests.
For instructions on how to pull, modify, rebuild and redeploy an Android app, see this tutorial.
Once your target APK is properly disassembled, look for AndroidManifest.xml in the root folder and add the following attribute to the application element:
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >
        ...
    </application>
</manifest>
That attribute points to the file res/xml/network_security_config.xml inside your project. If the file doesn't exist, create it now with the following contents:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <!-- Trust preinstalled CAs -->
            <certificates src="system" />
            <!-- Additionally trust user added CAs -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
This configuration tells Android to trust CAs from both the system store and the user store for the app's secure connections, overriding the default behavior. See this page for other overriding options.
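Because a base-config like the one above widens trust for every connection the app makes, it is worth checking that it does not ship in a release build. The following is an added example, not part of the original tutorial: a Python check that lists which certificate sources each scope of a network security config trusts and flags user-CA trust outside debug-overrides. The sample config is constructed; its domain-config block, its debug-overrides block and the host api.example.com are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the config from this page plus a hypothetical
# domain-config and debug-overrides block for illustration.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
"""

def trust_sources(xml_text):
    """Map each config scope to the set of certificate sources it trusts."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    scopes = {}
    for section in root.iter():
        if section.tag not in ("base-config", "domain-config", "debug-overrides"):
            continue
        anchors = section.find("trust-anchors")
        if anchors is None:
            continue  # scope declares no anchors of its own and inherits them
        label = section.tag
        if section.tag == "domain-config":
            domains = [d.text.strip() for d in section.findall("domain") if d.text]
            label += "[" + ",".join(domains) + "]"
        scopes[label] = {c.get("src") for c in anchors.findall("certificates")}
    return scopes

def release_user_trust(xml_text):
    """Scopes that trust user-added CAs outside debug-overrides."""
    return sorted(s for s, srcs in trust_sources(xml_text).items()
                  if "user" in srcs and s != "debug-overrides")
```

Running release_user_trust on the sample returns only base-config: the debug-overrides scope is skipped because Android applies it only when the app is built as debuggable.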