by duiker101 1769 days ago
Can you actually still widely do this? Last time I checked, on the latest versions of Android, apps don't accept user certificates, so you can't really do much about any HTTPS traffic, which really is the bulk.
4 comments

You can, on a rooted phone. There are ways to install a CA certificate with root (described in my only popular blog post), but there are also alternatives, like using Frida to disable TLS verification altogether.

It's certainly not as easy and reliable as it used to be, but it's still common for security research to use these tactics to see what apps are doing.

The basis of many enterprise networks is device-installed CAs, so I would be thoroughly surprised. iOS at least still allows you to install a custom CA, and only a few apps will refuse to work with it, which likely reject connections that aren't secured via a specific CA.
From a legitimate reverse engineering/security auditing standpoint, cert pinning is generally very trivial to bypass.

See: Frida, Xposed framework (not sure if still relevant)

There is a way to do it where you recompile the APK to enable trusting user CAs, see https://daksh.github.io/MITM/.