I've just started to get into Android development and am currently developing an app, part of whose functionality is to update the GPS location hourly. I've managed to get the app to store the location in my database by posting the values to a PHP file similar to the one below. The problem I'm having trouble figuring out is how to do this securely, so that only values from my Android app are stored and not just any data that is posted to the URL.
Simplified PHP file that receives GPS values:
<?php
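require_once 'connect.php'; // provides the mysqli connection $con
// Values are read straight from the POST body.
$imei = $_POST['imei'] ?? '';
$longitude = $_POST['longitude'] ?? '';
$latitude = $_POST['latitude'] ?? '';
// Bind the values as parameters instead of interpolating them into the SQL string.
$stmt = mysqli_prepare($con, "UPDATE `device_location` SET `Longitude` = ?, `Latitude` = ? WHERE `IMEI` = ?");
mysqli_stmt_bind_param($stmt, 'sss', $longitude, $latitude, $imei);
$result = mysqli_stmt_execute($stmt);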
?>
Essentially, anyone who knows the URL of the PHP file and a valid IMEI number can post fake GPS values. How can I verify that the GPS values are only coming from my Android app?
One way is to generate a random string to be used as an access token when the user logs in to your app. Save this string in your database and make all future API calls using this string. Your server side code can then check to see if the access token is a valid one by looking it up in the database. If it's valid, then continue with the request.
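The token check this answer describes, as an added example that is not part of the original post. The `access_token` table, the function names `issueToken` and `updateLocation`, the expiry column and the sample IMEI are assumptions made for illustration, and an in-memory SQLite database (PDO) stands in for the MySQL connection so the script runs on its own. Storing only a hash of the token and taking the IMEI from the token row rather than from the request are choices of this example.

```php
<?php
// Added example: constructed schema and sample values; an in-memory SQLite
// database stands in for the MySQL connection from connect.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE device_location (IMEI TEXT PRIMARY KEY, Longitude REAL, Latitude REAL)");
$db->exec("CREATE TABLE access_token (token_hash TEXT PRIMARY KEY, IMEI TEXT NOT NULL, expires_at INTEGER NOT NULL)");
$db->exec("INSERT INTO device_location (IMEI) VALUES ('000000000000000')"); // constructed IMEI

// Called once the user has logged in: create the random access token.
function issueToken(PDO $db, string $imei, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $stmt = $db->prepare("INSERT INTO access_token (token_hash, IMEI, expires_at) VALUES (?, ?, ?)");
    // Only a hash is stored, so a leaked table does not hand out usable tokens.
    $stmt->execute([hash('sha256', $token), $imei, time() + $ttl]);
    return $token; // sent to the app over HTTPS, kept in app-private storage
}

// Called on every location update: look the token up before touching any data.
function updateLocation(PDO $db, string $token, float $longitude, float $latitude): bool
{
    $stmt = $db->prepare("SELECT IMEI FROM access_token WHERE token_hash = ? AND expires_at > ?");
    $stmt->execute([hash('sha256', $token), time()]);
    $imei = $stmt->fetchColumn();
    if ($imei === false) {
        return false; // unknown or expired token: reject (HTTP 401 in a real endpoint)
    }
    if (abs($longitude) > 180 || abs($latitude) > 90) {
        return false; // not a valid coordinate
    }
    // The device is taken from the token row, never from the request body.
    $upd = $db->prepare("UPDATE device_location SET Longitude = ?, Latitude = ? WHERE IMEI = ?");
    $upd->execute([$longitude, $latitude, $imei]);
    return $upd->rowCount() === 1;
}

$token = issueToken($db, '000000000000000');
var_dump(updateLocation($db, $token, -0.1276, 51.5072));        // call with the issued token
var_dump(updateLocation($db, str_repeat('0', 64), 10.0, 10.0)); // call with a token never issued
```

A token of this kind ties each update to a logged-in session; it does not by itself show that the request was produced by the unmodified app.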