I would like to extend Joseph Sible's comment and build upon it.
There is a rule in Information Security, called "Never trust the client!", and it holds true so far. In your case, the client is the application on the phone of the attacker. The attacker has full access to the phone, and can modify it in any way they would like. This includes, but is not limited to:
- Debugging the application at runtime
- Analyzing the memory of the application
- Modifying the executable
- Emulating a runtime for the executable to see the System Calls the application does
- Analyzing the network traffic
Basically, as soon as any data is sent to the client, you have to assume that the user will find it and get access to it in some way. How do we know? Because what you are trying to replicate is some form of DRM - also known as "Digital Restrictions Management". DRM essentially aims at giving users some form of access to content, but not any form the user likes.
This has proven, time and again, to fail. In fact, the most enthusiastic and restrictive forms of DRM are those that hurt customers the most, and are those that get cracked the quickest.
You still have not answered why exactly users getting access to the internals of your application is bad, but I am going to assume that your application stores some data there that you don't want them to access, or only want to access in limited amounts.
If it's information they don't need access to, then move them onto a server and not the app. And if it's information that you want your users to have access to, then give it to them. Sooner or later, they'll take it anyways.