In your blog post "Standing on Our Own Two Feet" there is not mentioned that app developers can also support the new CA by explicitly adding it in it's app as trusted root CA certificate (works for Android 6.0 and 7.0/7.1):
Please provide a details tutorial how to make Android apps that support Android 6.x/7.x versions.
And for devices 5.x and older the root CA certificate can be manually added to the user root ca store by importing it. May be for this purpose an Android app by Let's Encrypt would be helpful. This app could provide the correct root-CA certificate and initiates the import process.