When the application starts for the first time, it takes the phone number from the mobile device settings, shows it to the user to confirm and then communicates to a server to sign up the device. Server sends an SMS with a 6-digits random code to that mobile number (I will supply server side). On the Android app side, following user clicking "Sign up", the application will wait for an SMS to be received, read the 6-digits random code (or let user type it in). It will send that code to the server and show a message to user depending on server's response saying whether signup was successful or not.
That's it. Simple as that. NOTE that I require the app to support all possible Android OS versions and devices.
Also, communication from there onwards (following signup / sign in) needs to be secured/verified, so I need the app to maintain whatever cookie/session id/device id mechanism required so that it will be dispatched with each subsequent requests made to server and identify each client securely. I am not sure what's the best (or common) approach to use, so I request each bidder to suggest his approach to that in a sentence or two. Just let me know what would you suggest to use to identify each client later on and be 100% secured.