I recently had to work on an Android application that consumed an API whose operators had dropped support for TLS 1.0 connections for security reasons.
The Android documentation for SSLSocket says that TLS 1.1 and TLS 1.2 are supported from API level 16 (Android 4.1, Jelly Bean) onwards, but that they are only enabled by default from API level 20 (Android 4.4W, KitKat Watch, followed by Android 5.0, Lollipop). Documentation on how to enable them on a phone running Android 4.1 to 4.4 is very hard to find, though.