All information available to your client (the app) is possible to extract, though some can be more difficult. As such, you should consider any such information public, and structure your security measures accordingly.
In your specific example, the complex password doesn’t help much, since you will have to include the password in the code (or data) of your app. That means it can be extracted as well.
8
solved Sensitive information in Android app? [closed]