Language doesn't really matter here. If you have the keys on the client then they aren't secured from the user. They are at best obfuscated. It may be slightly more difficult for somebody to extract them from compiled code, but since the app needs to use
them they have to be available. It's a very small step from being sophisticated enough to know to want the key to being sophisticated enough to find it in the debugger.
If your data really needs to be secured from the user you'll need to keep it on a server. To secure the data from others you can use a credentials supplied by the user.
--Rob