Adding on here, no api key is safe on a rooted device. Apps that ship an api key in the apk don’t even need to be on rooted devices to extract the apk. It’s two adb commands to grab it off of a device.
Security is all about making it cost more time and effort than the value of what is being stolen. If you want to use api keys because your backend service is not worth anything to a hacker and you want to keep out casual level hackers, just include them on each platform as you would any native resource.