I have edited your post to remove the address to your unsecured server on AppEngine. Please note that you should change the administrative ("super-user") password as soon as you can. To do that, log in, go to the Site Admin tab and change the password for the user you created in the installation (usually "administrator"). You can read the documentation on this.
Anyone who saw the address to your server can now download or delete all your data. They can also submit false data.
Are you seeing the 404 on just one device? Are you sure that you typed the address of your server correctly in the Collect settings?