Spring Security OAuth 2.0 with no client_secret

I am developing a login system for my Android application using Spring Boot and Spring Security OAuth 2.0.

My starting point is the following demo repository: https://github.com/royclarkson/spring-rest-service-oauth. In the demo you can find the following setup:

OAuth2 client:

clients
    .inMemory()
        .withClient("clientapp")
            .authorizedGrantTypes("password", "refresh_token")
            .authorities("USER")
            .scopes("read", "write")
            .resourceIds(RESOURCE_ID)
            .secret("123456");

Method to fetch the access token in its tests:

private String getAccessToken(String username, String password) throws Exception {
    String authorization = "Basic " + new String(Base64Utils.encode("clientapp:123456".getBytes()));

    String content = mvc
        .perform(
                post("/oauth/token")
                        .header("Authorization", authorization)
                        .contentType(MediaType.APPLICATION_FORM_URLENCODED)
                        .param("username", username)
                        .param("password", password)
                        .param("grant_type", "password")
                        .param("scope", "read write")
                        .param("client_id", "clientapp")
                        .param("client_secret", "123456"))
        .andExpect(status().isOk())
        .andReturn().getResponse().getContentAsString();

    return content.substring(17, 53);
}

Every test in the project provides works perfectly but I want do things differently and I am having trouble doing so. As you can see the demo client defines a client_secret (which is also used in the tests) but a client_secret is really worthless in an Android environment, I can not guarantee its 'privateness'.

See https://apigility.org/documentation/auth/authentication-oauth2:

If we are using a public client (by default, this is true when no secret is associated with the client) you can omit the client_secret value;

and see http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-2.1:

Public: Clients incapable of maintaining the confidentiality of their credentials (e.g. clients executing on the device used by the resource owner such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.

So what I have done is removing the secret in the client configuration:

clients
    .inMemory()
        .withClient("books_password_client")
        .authorizedGrantTypes("password", "refresh_token")
        .authorities("USER")
        .scopes("read", "write")
        .resourceIds(RESOURCE_ID);

Also adapted the getAccessToken(...) method:

private String getAccessToken(String username, String password) throws Exception {
    String authorization = "Basic " + new String(Base64Utils.encode("books_password_client:123456".getBytes()));

    String content = mvc
        .perform(
                post("/oauth/token")
                        .contentType(MediaType.APPLICATION_FORM_URLENCODED)
                        .param("username", username)
                        .param("password", password)
                        .param("grant_type", "password")
                        .param("client_id", "books_password_client"))
        .andExpect(status().isOk())
        .andReturn().getResponse().getContentAsString();

    return content.substring(17, 53);}
}

But when I use this new setup my tests fail, I can't get an access token, I keep getting an HTTP error 401 Unauthorized.