Picasso image loading issue with Android 9.0 Pie

I know the answer with android:usesCleartextTraffic="true" works but this will allow all connexions to be http not s on everything, which I suppose is not what you want in 2018.

If you know the domain you're reaching in http and you trust it, then it is better to use the network security configuration.

Define a xml file in res/xml/network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">secure.example.com</domain>
    </domain-config>
</network-security-config>

See the cleartextTrafficPermitted="true" only for secure.example.com and its subs.

And then in your AndroidManifest.xml, add android:networkSecurityConfig="@xml/network_security_config"

You can add multiple domains, with multiple configuration, ensure some of them are https or the opposite. Looks more secured IMHO.

In my case, I just changed the image url from http to https and it worked on API 28 without adding anything to my manifest file.

Try Using android:usesCleartextTraffic="true" in Application Tag of your Manifest file! As i faced same issue using Android Volley!

As per Android Documentation

Indicates whether the app intends to use cleartext network traffic, such as cleartext HTTP. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false".

When the attribute is set to "false", platform components (for example, HTTP and FTP stacks, DownloadManager, MediaPlayer) will refuse the app's requests to use cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as well. The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering: a network attacker can eavesdrop on transmitted data and also modify it without being detected. link