Protect string constant against reverse-engineering

Question

I have android application that has hard coded (static string constants) credentials (user/pass) for sending emails via SMTP.

The problem is that .dex file in .apk c

Answer 1

1. Hashing is not possible since it is not two way.
2. Any encryption such as AES, DES, blowfish, etch is not a viable solution as you have to include the decryption part within your app and that can be decompiled with a combination of apktool, dex2jar and JD (java decompiler) which is a very powerful combo while decompiling any apk.
3. Even code obfuscators don't do anything except make life a little more difficult for the decompiling guy, who'll eventually get it anyways.

The only way which I think would work to an extent would be to host the credentials on a server which only your application can access via a web-service call through a separate authentication of some kind - similar to FB's hash key thing. If it works for them, it should work for us.