Hacker News

Unfortunately Google both supports and recommends this. Recently they've even made it easy for apps to automatically ignore any custom certificates added to the trust store, so they don't even have to bother to implement pinning.



Yeah, I'm honestly not surprised. Apologies for the cynicism, but sometimes I wonder if the pushes for HTTPS-everywhere, certificate transparency and DoH are really more for the privacy of app developers instead of the privacy of users...


If you care about the privacy of users, you need software that the user controls, not the developer. Therefore free software.


Supply-side economics is and always will be dominant.


Understandable position for them to take when you have the likes of Facebook / Onavo etc pushing VPNs and root certificates on uninformed users for "research".



