The client app needs to get a Persona "assertion" (a long opaque base64 string) that it gives to the Replication instance. The replication then sends this assertion to a login URL on the Gateway, which in turn verifies it and then returns a session cookie.
In theory this can be done without using the persona.org website, but it would require writing a bunch of crypto code and I don't think anyone's done that yet. Instead, the client pops up a web view that loads the persona.org login page, and injects some JS that captures the assertion string that comes back with the login confirmation.
On the server side, the gateway sends the assertion to a REST API at persona.org that verifies it and sends back a true/false response. If it gets a true it generates and returns a session cookie.
I don't know if there is an Android equivalent of the Persona login UI that we use in our iOS examples. (I work on iOS, not Android.) The best thing is to ask on our mailing list/Google group at https://groups.google.com/forum/?fromgroups#!forum/mobile-couchbase .