I've just started to get into Android development and am currently developing an app, part of whose functionality is to update the GPS location hourly. I've managed to get the app to store the location in my database by posting the values to a PHP file similar to the one below. The problem I'm having trouble figuring out is how to do this securely, so that only values from my Android app are stored and not just any data that is posted to the URL.
Simplified PHP file that receives GPS values:
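<?php
require_once 'connect.php'; // provides the mysqli connection in $con
// Values posted by the app
$imei = $_POST['imei'];
$longitude = $_POST['longitude'];
$latitude = $_POST['latitude'];
// Bind the posted values as parameters so they are never interpolated into the SQL string
$stmt = mysqli_prepare($con, "UPDATE `device_location` SET `Longitude` = ?, `Latitude` = ? WHERE `IMEI` = ?");
mysqli_stmt_bind_param($stmt, 'sss', $longitude, $latitude, $imei);
$result = mysqli_stmt_execute($stmt);
?>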
Essentially, anyone who knows the URL of the PHP file and a valid IMEI number can post fake GPS values. How can I verify that the GPS values are only coming from my Android app?