This is a big deal for Android M and N: an app developer can declare that their app always wants to use HTTPS, and the OS will help enforce that against accidental downgrades to HTTP. It’s so easy to introduce an accidental http:// URL in your API, especially if your server communication uses the HATEOAS style of REST, where the server provides a lot of the URLs to the client at runtime instead of hard-coding them.
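A check that can run in API integration tests to catch server-provided http:// links before the OS has to block them on the device. This is an added example, not code from the original page; the HAL-style `_links`/`href` field names, the `find_cleartext_urls` helper and the example.com hosts are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a HATEOAS response; hosts and field names are illustrative.
SAMPLE_RESPONSE = json.loads("""
{
  "id": 42,
  "_links": {
    "self":  {"href": "https://api.example.com/orders/42"},
    "items": {"href": "http://api.example.com/orders/42/items"},
    "help":  {"href": "/docs/orders"}
  },
  "_embedded": {
    "customer": {
      "avatar": "HTTP://cdn.example.com/a/7.png",
      "_links": {"self": {"href": "https://api.example.com/customers/7"}}
    }
  },
  "note": "see http://example.com for details"
}
""")


def find_cleartext_urls(node, path="$"):
    """Return [(json_path, url)] for every string value that is an http:// URL."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_cleartext_urls(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_cleartext_urls(value, f"{path}[{i}]")
    elif isinstance(node, str):
        parts = urlsplit(node.strip())
        # urlsplit lowercases the scheme, so "HTTP://" is caught as well.
        # Relative links have no scheme and inherit the request's scheme,
        # and free text that merely mentions a URL is not a link value,
        # so neither is flagged.
        if parts.scheme == "http" and parts.netloc:
            hits.append((path, node))
    return hits


if __name__ == "__main__":
    for json_path, url in find_cleartext_urls(SAMPLE_RESPONSE):
        print(f"cleartext link at {json_path}: {url}")
```
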