10% is unsecure let see how skilled hacker can hack your app.
If you have any key or api key and you have used methods like rsa , aes etc to secure your key from hackers.
Now how hacker gonna get the key ?? 
Simple there will a point when your app will decrypt the key.
Lets understand this with an example.
I have a file and file is password protected and i have used aes or rsa method for encrypting the password.
But file do not accept the password in aes or rsa string.
At this point you need to decrypt string to get the original password.
Now password is decrypting within your app.
What hacker can do to get the password 
?
Once password is decrypted Hacker will fetch the decrypted password text from your app.
There are several tools available for fetching data.
This process is not easy and i don’t think a skilled hacker will try to hack small apps or maybe hacker will .
There is no 100% secure.