Personally.
I’d have a central server, that central server would relay/internally cache the requests. (Two android users looking up /twitch being live, you can save a request to the API if you already recently fetched that data for example), then the app wouldn’t need any tokens at all.
Alternatively:
Your Android App, would implement Implicit Auth, which’ll generate a token for you (without needing a server), which would have a nicer expires_at than a regular user token.
Also means that since you know whom the person is, you can personalize a little better. (Show the users profile and/or fetch their follows and show their followed streams first or something)