I think it was apple that forced the use of HTTPS in app APIs, not Google.

I don't believe android apps are locked to HTTPS as a rule, though obviously a lot of them likely don't have fallbacks.