I have successfully setup the Charles Proxy on my host machine such that I can view SSL traffic from my android virtual device when the request comes from the browser or from most android apps on the virtual device. However, I cannot see SSL traffic from one particular app. When that app makes SSL requests the entries show up in Charles as "SSL Handshake: Received fatal alert: handshake_failure"
Because I can intercept SSL traffic from other apps, I'm thinking that perhaps the app in question is somehow ignoring the user accepted root certificate. Is this possible? If so, can it be worked around?
It's possible that the app that's not working is using public key inspection (AKA public key pinning) during it's SSL handshake. It's a security mechanism that's intended to prevent a man-in-the-middle attack. I think that setting up a proxy in the middle changes the chain of certificates passed to the client during the handshake and that is the reason it fails.
If the reason you cannot inspect the traffic from this app is indeed Public Key Pinning - I'm afraid there is no workaround (at least not one within a reasonable amount of time invested). the app is expecting a specific public key which you don't have.
more on public key pinning : https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
I hope this helps.