This kind of security is always a difficult problem to solve. One of the main methods for something of this kind would be to use a Diffie-Hellman key exchange for the first creation of a key system. Each user will have their own unique key, and only the initial handshake will be an intensive process. Then, at this point, you can run any number of cryptographic algorithms to verify the keys every time you authenticate.
So, this raises the question of how to install the key in the first place before sending, and what unique information you can use to create the key on the mobile client side. This leads us down a gray path, because there are many different ways to do this, and everyone has their own thoughts. For example, you can use the Android OS architecture itself to get a unique phone ID or Google user account ID to use as a hash in the original key. However, keep in mind that Diffie-Hellman is anonymous, so you need to authenticate the user first before you exchange keys with them. Subsequently, though, you can just use signed requests.
In principle, this delves into an area of security that should be well thought out using these resources. Knowing that you are on a mobile platform, you need to keep processor cycles low, which means avoiding intensive crypto algorithms. The method above is one such solution that you can implement.
In addition, if you are developing an application for Android, this authentication can be easily performed through the application interface by clicking. You can basically click cert for an application that either calls or revokes access, so this should be the easiest route. If you want to use this on Symbian OS, you will have to do more work as described above. In addition, since you are mostly asking for login, not full encryption, the overhead for a key signing system should not be too complicated, but it can be difficult to implement cross-platform.
Hopefully this will give you a starting point for further research and ideas.
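The signed-request step mentioned in the answer, as an added example that is not part of the original post: once each user has a key from the authenticated handshake, every later request carries one HMAC-SHA256 tag, which is cheap enough for a mobile client. The names `sign_request`, `Verifier`, `canonical` and the 300-second window are assumptions made for this sketch, and the per-user key is assumed to have been agreed already.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)


def canonical(user, method, path, ts, nonce, body):
    # Length-prefix each field so two different requests never encode alike.
    fields = [user, method.upper(), path, ts, nonce, hashlib.sha256(body).hexdigest()]
    return b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)


def sign_request(key, user, method, path, body, now=None):
    """Client: one cheap HMAC per request, no public-key work after the handshake."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, canonical(user, method, path, ts, nonce, body), hashlib.sha256)
    return {"user": user, "ts": ts, "nonce": nonce, "mac": mac.hexdigest()}


class Verifier:
    """Server: per-user keys plus a nonce cache that rejects replays."""

    def __init__(self, keys):
        self.keys = keys  # user id -> key agreed during the authenticated handshake
        self.seen = {}    # (user, nonce) -> time after which the entry can be dropped

    def verify(self, hdr, method, path, body, now=None):
        now = time.time() if now is None else now
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        key = self.keys.get(hdr.get("user"))
        ts, nonce = hdr.get("ts", ""), hdr.get("nonce", "")
        if key is None or not (ts.isdecimal() and len(ts) < 12):
            return False
        if abs(now - int(ts)) > MAX_SKEW:
            return False  # stale or future-dated request
        msg = canonical(hdr["user"], method, path, ts, nonce, body)
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), hdr.get("mac", "").encode()):
            return False  # wrong key or tampered method, path or body
        if (hdr["user"], nonce) in self.seen:
            return False  # same nonce inside the window: replayed request
        self.seen[(hdr["user"], nonce)] = int(ts) + MAX_SKEW
        return True
```

The nonce cache only needs to remember entries for as long as their timestamp would still be accepted, so its size is bounded by the request rate within the window.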