OCSP certificate stapling in Android

2

19

I've been banging my head on the wall for the past few days trying to implement OCSP validation in Android.

So far in iOS it has been easy to implement, but for Android every single piece of information I've come across just doesn't work. I've been using both my customer's API endpoint and this website to run tests for certificate revocation, and so far I haven't been lucky enough to detect a revoked certificate inside my Android application. I'm using OkHttpClient. Here's the method where I validate certificate revocation:

import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;

    // VERIFY_AUTHTYPE and AUTH_TYPE are fields of the enclosing TrustManager class.
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {

        if (chain == null) {
            throw new IllegalArgumentException(
                    "checkServerTrusted: X509Certificate array is null");
        }

        if (!(chain.length > 0)) {
            throw new IllegalArgumentException(
                    "checkServerTrusted: X509Certificate is empty");
        }

        if (VERIFY_AUTHTYPE) {
            if (!(null != authType && authType.equalsIgnoreCase(AUTH_TYPE))) {
                throw new CertificateException(
                        "checkServerTrusted: AuthType is not " + AUTH_TYPE);
            }
        }

        // chain[1] is dereferenced below, so the chain must carry leaf and issuer.
        if (chain.length < 2) {
            throw new CertificateException(
                    "checkServerTrusted: chain must contain the leaf and its issuer");
        }

        try {
            X509Certificate issuerCert = chain[1];
            X509Certificate c1 = chain[0];
            TrustAnchor anchor = new TrustAnchor(issuerCert, null);
            Set<TrustAnchor> anchors = Collections.singleton(anchor);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            List<Certificate> list = Arrays.asList(new Certificate[]{c1});
            CertPath path = cf.generateCertPath(list);
            PKIXParameters params = new PKIXParameters(anchors);
            // Activate certificate revocation checking
            // (setRevocationEnabled(false) turns revocation checking off entirely)
            params.setRevocationEnabled(true);
            // Activate OCSP
            Security.setProperty("ocsp.enable", "true");

            // Ensure that the ocsp.responderURL property is not set.
            if (Security.getProperty("ocsp.responderURL") != null) {
                throw new CertificateException(
                        "The ocsp.responderURL property must not be set");
            }
            CertPathValidator validator = CertPathValidator.getInstance("PKIX");
            PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) validator
                    .validate(path, params);

            System.out.println("VALID");
        } catch (CertificateException e) {
            throw e;
        } catch (Exception e) {
            System.out.println("EXCEPTION " + e.getMessage());
            e.printStackTrace();
            // Fail closed: swallowing the exception here would let a revoked
            // (or otherwise invalid) certificate through as if it were trusted.
            throw new CertificateException("checkServerTrusted: " + e.getMessage(), e);
        }
    }
Anamorphosis answered 21/3, 2016 at 12:46 Comment(0)
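The following trust manager is an added example, not the original poster's code or anything from OkHttp or Android itself. It shows the same idea (PKIX path validation with OCSP) expressed through the `java.security.cert.PKIXRevocationChecker` API, which Android exposes from API level 24; it assumes the device's PKIX provider implements that checker (some do not, in which case `getRevocationChecker()` throws `UnsupportedOperationException`, caught below). Two choices differ from the code in the question: trust anchors are taken from the platform `AndroidCAStore` rather than from the issuer certificate the server itself sent, and every failure, including an unreachable OCSP responder, rejects the connection. The class name `OcspHardFailTrustManager` is hypothetical.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/**
 * Hypothetical trust manager (added example, not the poster's code) that validates
 * the server chain against the platform trust store and requires a fresh OCSP
 * answer for the leaf certificate. Needs PKIXRevocationChecker (Android API 24+).
 */
public final class OcspHardFailTrustManager implements X509TrustManager {

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("checkServerTrusted: empty certificate chain");
        }
        try {
            // Anchors come from the device trust store, never from the peer's chain:
            // anchoring on chain[1] would let any self-made chain validate.
            KeyStore trustStore = KeyStore.getInstance("AndroidCAStore");
            trustStore.load(null, null);
            PKIXParameters params = new PKIXParameters(trustStore);

            CertPathValidator validator = CertPathValidator.getInstance("PKIX");
            PKIXRevocationChecker revocationChecker =
                    (PKIXRevocationChecker) validator.getRevocationChecker();
            // ONLY_END_ENTITY: ask OCSP about the leaf only.
            // NO_FALLBACK: do not fall back to CRLs if OCSP fails.
            // SOFT_FAIL is deliberately NOT set, so a responder that cannot be
            // reached counts as a validation failure rather than a silent pass.
            revocationChecker.setOptions(EnumSet.of(
                    PKIXRevocationChecker.Option.ONLY_END_ENTITY,
                    PKIXRevocationChecker.Option.NO_FALLBACK));
            params.addCertPathChecker(revocationChecker);
            params.setRevocationEnabled(true);

            // Build the path from what the server sent, minus any self-signed root
            // it may have appended (the root must match an anchor in the store).
            List<Certificate> pathCerts = new ArrayList<>();
            for (X509Certificate c : chain) {
                if (!c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) {
                    pathCerts.add(c);
                }
            }
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            CertPath path = cf.generateCertPath(pathCerts);

            // Throws CertPathValidatorException on an untrusted or revoked chain.
            validator.validate(path, params);
        } catch (CertificateException e) {
            throw e;
        } catch (GeneralSecurityException | IOException | UnsupportedOperationException e) {
            // Fail closed: any validation, revocation or provider error rejects the peer.
            throw new CertificateException("checkServerTrusted: chain rejected: "
                    + e.getMessage(), e);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // This manager is only used on the client side of a TLS connection.
        throw new CertificateException("client certificates are not accepted here");
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // Not consulted for server authentication; returning no issuers is safe here.
        return new X509Certificate[0];
    }
}
```

Hostname verification is a separate step that OkHttp still performs with its own `HostnameVerifier`, so this manager only replaces chain and revocation validation. Note also that this performs a live OCSP query from the device; it is not stapling. A stapled response arrives inside the TLS handshake, and nothing in the `X509TrustManager` contract hands it to the checker, which is why the stapling part of the question cannot be solved at this layer alone.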
0

I have a similar piece of code to yours, just slightly different, that currently correctly blocks connections with revoked certificates; see here: https://gist.github.com/HylkeB/f9f3c26398c49985e54545df1b76b062

It's not stapling; I couldn't get that to work (I have not yet found out how to add the status_request extension to the ClientHello of the TLS handshake). For now this is good enough though.

Persephone answered 6/1, 2022 at 9:21 Comment(0)
-2

Instead of using OkHttp, try using Android's built-in HttpURLConnection, or HttpsURLConnection in the case of https://

Maible answered 12/10, 2016 at 5:51 Comment(0)