Because the decryption keys or logic reside inside the HTTP Custom Android application, reverse engineering the APK is the most definitive method to understand the encryption.