I want to know that is it possible to get google-service.json file when reverse engineering on android apk. Because in firebase Google-Service json file contain all keys of project.
JSON file is not included in your APK, what happens is your google/firebase Gradle plugin reads the JSON file and inserts it in string resource file.
But by reverese engineering an apk using tools like apktool, anyone can access these resource files including your string resource file and raw string you put in your java code.
If you decompile the APK, you will get these secret details from string resource files.
<string name="google_api_key">your key</string>
<string name="firebase_database_url">firebase db url</string>
if you added firebase ACL, only authorized user can access the data, and also the key you are using can only be used with apk that signed with your keystore ( make sure sha1 hash you generated in firebase console for android app)
EDIT: For details on acl or protecting your firebase database operations see here