NSA planned to hijack Google's app store to push malware to targets (remember Google can push code to Android phones without users' permission, which means whoever hacks Google can do that, too)

Being that Android is open source, carriers can (and do) modify every part of the stack, from baseband, to the firmware, to the kernel, to application level. They can put anything in at any level in order to intercept whatever they like, and they do not release the source code for their changes. This means that they can intercept and transmit anything you do (and have done so), including decrypting any encrypted traffic (they have full local access to your device). Furthermore, once they have low-level, backdoor access to the device, they can push whatever code they would like at any time.

Sure, you can encrypt traffic all you want, but if they have low-level access to your device, they can just look at it before encryption (or after decryption), or just grab the decryption key from memory, and then transmit it to wherever they would like. Without low-level access yourself (which you don't have at all on a non-rooted device, and is not super meaningful in a closed-source environment), you have no way to even see that this is happening from the device. If the traffic is going out over a network you control (your home WiFi), you can detect and block these packets after they leave the device, but if they are going over a network you don't control, there is literally nothing you can do to even see it happening. When you are talking about a mobile network where the only ones that can see the traffic are the same people that have low-level control over your device, I am sure you can see the problem.

Again, you have absolutely no way to enforce any rejection criteria of any kind without root. Even with root, if you block this traffic at the kernel level, they can still intercept whatever they would like at the firmware level.

/r/Android - firstlook.org