The problem has two sides:
1) APEX side
- How to secure the exposed RESTful web-services from the apex app?
2) Android side
- How to access the secured RESTful web-service from the native andorid app?
I think we should concentrate on the first part. The second part should be discussed in android forums not here.
Apex side is on https.
- I use apex 4.2 and latest apex listener
- Custom auth