Hacker News
by tomtalks 3352 days ago
Unless an Android app uses certificate pinning (https://security.stackexchange.com/questions/29988/what-is-c...), it is usually trivial to MITM its traffic passing through your phone.

Provided you own and have physical access to your phone, you can use any number of proprietary/open, free/costly tools to do so (e.g. Fiddler http://www.telerik.com/fiddler, Burp https://portswigger.net/burp/ and mitmproxy https://mitmproxy.org/).

In this case I used Fiddler. All I had to do was generate a custom root certificate (be warned, this is not a good idea in general; look up Superfish if you want an example of why installing custom root certificates can be bad), install that certificate on my device and then proxy my device through the computer running Fiddler.

This process is far better documented here: http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/Conf... If you need any more help or advice, let me know.

1 comment

I recall older versions of one of those (forget which) generated a non-unique custom certificate, meaning anyone who had used it could be MITM'd with the same cert. It was changed later on, but it's a risk if you go with something poorly designed.