FYI most apps done for android with this functionality are seriously flawed. They all suffer from mitm attacks, so anyone in the same network may sniff your traffic, steal auth cookie, send sms and control your phone.

I would do comunication over https with self-signed on-device generated certificate.