Hi,
If someone wants to send the data to your server,
they should know one IMEI from your data base,IP of your server and the port number.
But it's difficult to get these three details for someone who outside.
If someone took the hardware also, You can protect the device configuration file by setting password through configurator.
I think, for a normal vehicle tracking application, these security measures are enough.
Thanks in advance
Naveen