Android/iOS is an interesting idea for a business.
They already have secure app distribution: a private channel in the Google Play Store or via App Store ad hoc.
Communication between the devices via a server should be possible, at least using HTTPS but also private/public key encryption. It doesn't have to be an actual server, just one of the devices in server mode.
What could possibly go wrong?