Sure. Setting up the private swarm was completely uneventful. We just followed the instructions.
We create a swarm key which gets downloaded when a node starts up for the first time, as well as a number of bootstrap nodes for this swarm. It is part of the initial configuration that gets downloaded when the device is initially set up, as well as IPFS version, settings and command line args…
We set the LIBP2P_FORCE_PNET environment variable to make sure we don’t accidentally connect to the public IPFS. E.g. once we accidentally had swarm.key stored as swarm_key, and this safeguard prevented IPFS from starting up and trying to connect to the public swarm. Just removing the public bootstrap nodes is not enough, since IPFS has many ways to discover peers… 
No. We are downloading a released version from IPFS Distributions . See this discussion for details. The apk chooses the right binary based on the architecture (arm or x86) of the android device.
The private swarm encryption uses the symmetric cipher Salsa20 in a pretty straightforward way. See this discussion for details.
You need a secure way to distribute the swarm key to each device.
We are currently using --routing=dhtclient for the ipfs nodes on the android devices in order to reduce bandwidth usage, and because the android devices frequently go offline and therefore probably are not good DHT nodes. We need to perform some more experiments with this though.
Hope this helps!