We're using the default Apache HTTP Client library of Android to execute the HTTPS requests - currently without any modification to the list of used cipher suites. So which cipher suite is used depends on the Android version you are using. And of course it also depends on the server because the server is actually choosing which cipher suite to use.
The "Handshake Simulation" of Qualys SSL Labs gives you a good impression which cipher suites will be used in which Android version. Here's Telekom Cloud's WebDAV (which is actually pretty bad):
It seems, that their WebDAV server is always choosing the weak RC4-SHA cipher suite (TLS_RSA_WITH_RC4_128_SHA) even if the client would prefer AES256-SHA (as the older - or latest - Android versions do).
We are aware of the fact that the default list of cipher suites in Android has been severely downgraded (from AES256-SHA to RC4-MD5) but I have to admit that we have not yet found the time to implement our own list of preferred cipher suites. (Mainly because in the end, only the server determines which cipher is actually used). More information can be found here: