You might be able to secure your APIs for the mobile client by securing the Rails APIs with OAuth. Then the Android client can authenticate via OAuth to your Rails app.
Check out the following gem:
- doorkeeper - A rails engine that turns your app in to an OAuth 2 provider so that you can secure your rails APIs with OAuth.
Also, check out this great blog post about how to use Doorkeeper along with devise, etc: http://sameer.siruguri.net/blog/2013/06/23/railscast-gotcha-using-devise-doorkeeper-and-oauth2-defaults/