Im about to put my Android app on the marketplace. I recently encrypted all of my server/client communication. What i am wondering is if my data is encrypted using a specialized key, and if a person decompiles my code and extracts the key, then is it even worth encrypting the data in the first place? My communications ran a lot faster when the data wasn't encrypted. With the game being an action game, lag is going to be a huge "fun killer" and from experience i know it is frustrating. I know the encryption makes the app a lot safer, it makes it safer for the gamers and the server but it causes huge lag. Is the security worth the deduction in performance? Is even worth using encryption when your code can just be decompiled? I already use Android Proguard but if someone really wanted to decompile my code, they would take the time to sort through all of that garbage.
I think, it is safe to operate under these assumptions.
Don't trust data that clients send you, make checks and validations against it (like if someone tries to 'teleport' from one map corner to another, by sending modified location).
Accept only data that's valid.
Ban cheaters.
Encryption is ok, but when it does not harm the game or gameplay (in your case it does).