From my understanding, all legitimate apps or computer software that connect to the Internet have some form of encryption to prevent other parties from spying on users activity or from hacking.
No. They may have (HTTPS is one example), but on the other hand, they may not (HTTP is the obvious counterexample).
So then I assume if I download something from the Google App Store on my Android, my ISP only sees I am downloading from one of Google's IPs but not its contents.
In this case, yes, because chances are that the App Store is connected through HTTPS.
Now back to the browser used as an example. How come my ISP can see the websites I visit if it is routed through a browser?
That is because a "website visit" is a pretty hairy thing actually. Let's start with you clicking on "https://www.whatever.com". "whatever.com" means nothing at the network level, it doesn't work with human readable names, so the very first thing your browser does is ask the OS, "whatever is whatever.com?", and the OS routes the question to the DNS service (usually maintained by your ISP, or often by Google), which now knows you're interested in that site.
Then the browser does connect with the web site, by its address of x.y.z.k, and starts negotiating a suitable encryption. There are some technicalities here, but let's say that your ISP, or your WiFi access point, or an antivirus, or a hacker, can try stepping in the middle of the negotiation and offer a valued opinion which you wouldn't like, if you just knew. There are browser plugins to verify that the SSL/TLS chain is valid and kept honest.
So you're sent a bunch of HTML, and usually CSS, images, and a bunch of Javascript files, and some of that isn't coming from whatever.com at all but rather from a CDN or load-distributing thingamajig. This offers several options for information leak, especially if those CDNs are able to set cookies, or recognize your browser "in some other way" (you may want to check out EFF's Project Panopticlick for most of those other ways, bundled under 'fingerprint').
(And then there are the ads, which represent a further can of worms).
And something that is also important for me to know, if I search with an engine, are the search input and the displayed results then visible to whomever or is it encrypted? I ask this because sometimes I "google" something and just decide to read the text under the titles without clicking out of privacy concerns. Is this act pointless?
No, the search engine (and whoever might be intercepting the traffic) does know you've been sent those, say, ten results, but not that you read them. There is no difference between a successful result and something you didn't feel was germane. There are experimental attention-gauging algorithms using the webcam and eye tracking, but those are a bit outlandish in this scenario.
