I could think of security at two levels:
Hacking the app code
, to generate high scores which are then sent to the server.
Hacking the server protocol
to just send the highscores without using the app at all.
If a person can hack the app code to generate high scores, he can as well hack the protocol and send random scores without using the app.
One option could be to send the app signature (http://stackoverflow.com/questions/8...me-for-android
the users score and some other obfuscated data to the server, so that it makes it really hard for someone to crack the server-client protocol.
Then on the server, verify that the signature is correct.
This way, even if someone modifies the apk to generate random scores, they will have to repackage the app, and will end up having a different signature.
Note that you are not storing the signature file in the app and the signature verification happens on the server (which essentially "cannot" be hacked)