If you are going to send some sensitive data from any device (in your case android), relaying on URL being hidden will not bring any security to your application.

At first you can use SSL protocol, SSL will encrypt data between you and your server, so sniffers will not able to read any data. Altought you have to verify SSL certificate when you are sending data from android device to prevent MITM attacks.

Also for more security you can include some symmetric or asymmetric encryption algorithms to your data. You can encrypt data before sending it to server using a public key and only your server will have private key. So you can decrypt data in server using that private key. There is a lot of resources for openssl APIs in PHP.

If you can’t use public-key encryption algorithm you can use a symmetric algorithm like AES. It will be also secure. But encryption key should be kept safe, for example you can implement key-exchange algorithm using a basic asymmetric encryption for transferring encryption key to client, then encrypt data using AES.

Best security could be using SSL, also encrypting data using symmetric and asymmetric encryption algorithms.

It totally depends on your implementation and your effort on securing data.