i'm new on using Web Service in Android. Web Service needs a username and password, so i give this info in code (amateur). But i don't want to reach to this info by any person by any decompile methods. What would you recommend ? thanks
You can make start login screen and directly tell user that he should pass authetification checking.
So first time user input login and password and then you generate unique string and give this back to client. Then every time he want to get data from your server he should send you this autetifaction string in header.
Maybe you just saving this sessiong string in your internal storage and when the app starts checking if it exists. If no you should show your login screen again. But if user want he still can steal this info from device.
If you don't want to make this you can try to make hacking harder though.