I had this question roaming in my mind since long time.
Ok, the App is installed in the client's device and I immediately deleted the APK file.. now what's the possibility
that someone can hack the installed app and salvage some code, if not the whole project?
It is not possible on non-rooted devices. On a rooted device it is indeed possible to get the compiled classes and decompile them (use obfuscation to make it more difficult).