To escape %, you will need to double it up: %%.
%
%%
To complement the previous stated solution, use:
str = str.replace("%", "%%");
This is a stronger regex replace that won't replace %% that are already doubled in the input.
str = str.replaceAll("(?:[^%]|\\A)%(?:[^%]|\\z)", "%%");