Of which is visible to what they are doing within the app itself. A few changes of code in the app and you can have the app print what is going on. How they encrypt traffic is also clearly available in the app.
It isn't that simple... possible, yes, but not as simple as you make it out to be when developers don't want their code viewed. As with virtually any program, you CAN end up seeing what is going on, no different than going back to the old days of dumping the assembly in old DOS games to find/patch cheats. But it can take some time and dedication. Of course, if they don't care and leave everything "in plain sight" then this IS fairly easy. I just doubt Google is doing that...
https://developer.android.com/reference/javax/net/ssl/SSLSocket
You are showing links to dispute things that are not what I said... this references the built-in Java libraries provided; as I said, "The security provider can be updated via Google Play Services independently of the OS." You have to update the security provider and then enable TLS 1.2. This is made available through the Google Play Services library. If you are really interested, this is how it is done:
https://developer.android.com/training/articles/security-gms-providerThen in Android 4.2 and below, you just have to override the SSLSocketFactory to provide the 1.2 enabled. 4.3 and above SHOULD have it enabled by default after the provider is updated.