Best storage location for AWS credentials included in an iOS app

I plan to use the AWS SDK for iOS for an upcoming project. I need to ship the AWS credentials with the packaged application. Where is the safest place to keep them? I know that storing them in a plist would be a bad idea. Is it better to just "hard code" them into a class that gets compiled? Is there any risk in that?

+7
3 answers

I believe it is theoretically impossible to completely hide the credentials. That is, if your compiled code can read them, then in theory so can anyone who has access to the compiled code. But imperfect security is still worth something. I assume that most attackers simply look through the binary for strings that look like private keys, and do not decompile the code and try to work out how it works, so one way to hide the credentials would be to store them in an encoded form and decode them as needed. The decoding algorithm then becomes your key, and the attacker would have to find and understand it in order to extract your credentials.

Here's a fairly simple way to do this with a random XOR mask. Replace the dummy password below with yours, and remember to keep the NUL terminator (\0) in place. Compile and run this code as a separate program:

    #include <stdio.h>
    #include <stdlib.h>   /* arc4random() */

    #define PAD_LENGTH 32

    int main() {
        int i;
        char c;

        // start with the password; the rest of the array is zero-filled,
        // so the NUL terminator and padding get masked along with it
        char password[PAD_LENGTH] = "My AWS Password\0";

        // make a random pad to encrypt it
        printf("PAD:\n{");
        char pad[PAD_LENGTH];
        for (i = 0; i < PAD_LENGTH; i++) {
            c = arc4random() & 0xFF;
            pad[i] = c;
            printf("%#02x", c & 0xFF);
            if (i < PAD_LENGTH - 1) printf(",");
        }
        printf("}\n");

        // make an encrypted version of the password (pad XOR password)
        printf("KEY:\n{");
        for (i = 0; i < PAD_LENGTH; i++) {
            c = pad[i] ^ password[i];
            printf("%#02x", c & 0xFF);
            if (i < PAD_LENGTH - 1) printf(",");
        }
        printf("}\n");
        return(0);
    }

Then copy the generated pad and key into code like this (which is what actually ships in your application):

    #define PAD_LENGTH 32

    char pad[PAD_LENGTH] = {0x83,0x26,0x8a,0x8b,0xee,0xab,0x6,0xed,0x2e,0x99,0xff,0x23,0x7f,0xef,0xc8,0x8,
                            0x6b,0x8e,0xa4,0x64,0x6d,0xb,0x7,0xd2,0x6a,0x39,0x60,0xa4,0xa9,0xad,0xea,0xb8};
    char key[PAD_LENGTH] = {0xce,0x5f,0xaa,0xca,0xb9,0xf8,0x26,0xbd,0x4f,0xea,0x8c,0x54,0x10,0x9d,0xac,0x8,
                            0x6b,0x8e,0xa4,0x64,0x6d,0xb,0x7,0xd2,0x6a,0x39,0x60,0xa4,0xa9,0xad,0xea,0xb8};

    // XOR the key with the pad in place to recover the NUL-terminated password
    for (int i = 0; i < PAD_LENGTH; i++) {
        key[i] = key[i] ^ pad[i];
    }
    NSString *password = [NSString stringWithCString:key encoding:NSASCIIStringEncoding];

Since this is on a public forum, you may want to change a few things, for example make the pads different lengths, split them up and recombine them, reorder them, etc. You can also store the pad and the key in distant parts of the code. A truly experienced and dedicated attacker will be able to find your password no matter what, but the basic idea is that most people scanning the binary for the password will not find it as such.

+16
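The XOR-mask scheme from the answer above, as an added, self-contained example (not code from the answer or from any AWS SDK). It folds the generator and the in-app decoder into one program, adds the bounds check the answer's version lacks (a secret that does not fit with its NUL terminator is rejected), and checks the answer's claim that a naive strings-style scan of the masked bytes will not turn up the plaintext. Helper names (fill_pad, xor_mask, xor_unmask, has_plaintext_run) are chosen here for illustration; /dev/urandom is used in place of arc4random() so the program also builds on Linux.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAD_LENGTH 32

/* Fill pad with random bytes from /dev/urandom; returns 0 on success.
 * (Stand-in for arc4random() from the answer, which is BSD/macOS only.) */
int fill_pad(unsigned char *pad, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(pad, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
}

/* Mask the NUL-terminated secret, its terminator and the zero padding
 * against the pad. Returns -1 if the secret plus NUL does not fit in len. */
int xor_mask(const char *secret, const unsigned char *pad, unsigned char *out, size_t len) {
    size_t slen = strlen(secret);
    if (slen + 1 > len) return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char p = (i < slen) ? (unsigned char)secret[i] : 0;
        out[i] = p ^ pad[i];
    }
    return 0;
}

/* Reverse the masking: key ^ pad, written into out as a C string. */
void xor_unmask(const unsigned char *key, const unsigned char *pad, char *out, size_t len) {
    for (size_t i = 0; i < len; i++) out[i] = (char)(key[i] ^ pad[i]);
    out[len - 1] = '\0';   /* guarantee termination even if the arrays were tampered with */
}

/* Does buf contain needle as one contiguous run? This is all a naive
 * strings-style scan of the binary would find. */
int has_plaintext_run(const unsigned char *buf, size_t len, const char *needle) {
    size_t nlen = strlen(needle);
    if (nlen == 0 || nlen > len) return 0;
    for (size_t i = 0; i + nlen <= len; i++)
        if (memcmp(buf + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Print a C array initializer, like the answer's generator does. */
static void print_array(const char *name, const unsigned char *a, size_t len) {
    printf("unsigned char %s[%zu] = {", name, len);
    for (size_t i = 0; i < len; i++) printf("0x%02x%s", a[i], i + 1 < len ? "," : "");
    printf("};\n");
}

int main(void) {
    const char *secret = "My AWS Password";   /* dummy value, as in the answer */
    unsigned char pad[PAD_LENGTH], key[PAD_LENGTH];
    char recovered[PAD_LENGTH];

    if (fill_pad(pad, PAD_LENGTH) != 0 || xor_mask(secret, pad, key, PAD_LENGTH) != 0) {
        fprintf(stderr, "setup failed\n");
        return 1;
    }
    print_array("pad", pad, PAD_LENGTH);   /* what you would paste into the app */
    print_array("key", key, PAD_LENGTH);

    xor_unmask(key, pad, recovered, PAD_LENGTH);   /* what the app does at runtime */
    printf("recovered: %s\n", recovered);
    printf("plaintext visible as a run in key[]: %s\n",
           has_plaintext_run(key, PAD_LENGTH, secret) ? "yes" : "no");
    return strcmp(recovered, secret) == 0 ? 0 : 1;
}
```

The scan check only confirms what the answer claims, namely that the plaintext is not sitting in the data section as a contiguous run; the pad and key arrays still sit side by side in the binary, so anyone who reads the loop that XORs them recovers the secret with one line of code.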

Have you looked at the Data Protection API?

What are the new iOS data protection APIs?

There are various options depending on your security needs.

This question may also help.

IOS Data Protection

The video from this year's conference was useful:

http://developer.apple.com/videos/wwdc/2010

+1

You must use AWS Identity and Access Management (IAM): http://aws.amazon.com/iam/

You can find more information on AWS credential management in mobile apps at http://aws.amazon.com/articles/4611615499399490

+1