As a reminder, Android is open source but is not a community project; there is a difference. Please try and submit a patch for this and see how far it gets you.
Some time ago, I was adding secure authentication to my APRSdroid app
for Amateur Radio geolocation. While debugging its TLS handshake, I
noticed that RC4-MD5 is leading the client's list of supported ciphers
and thus wins the negotiation. As the task at hand was about
authentication, not about secrecy, I did not care.