Finally figured this out. Since this only occurs on Android 9 (Pie), it has to do with the Network Security Configuration. Android P, unlike its predecessors now uses HTTPS by default, but my app was streaming music via HTTP.
If you use API 28 as target API level, this security can be overridden by changing the app code as follows:
If you don’t want to touch the manifest file, you can make the change via the config.xml file, under the
<platform name="android"> tag.
<edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
<application android:usesCleartextTraffic="true" />
Note: this overrides all HTTP requests. There is a solution method possible to only whitelist certain IPs or domains in the network_security_config.xml file, if needed.