You might try using client credentials flow, generate 1 secret per device and securely store it using Android Keystore. You could to implement secret rotation using MS Graph in your API so that your clients get updated secrets from time to time.
--
Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.