This is possible for the most part. Just grab the APK, rename it to .zip, and you already have access to the content. Browsing through folders will show you (assuming you are using Unity) many Unity asset files. They, with the help of validation, are trivial enough to extract content from.
Trace the folder structure until you find Assembly-CSharp.dll and extract it. Drop it on something like ILSpy, and you will find that your sources are not just trivial to decompile, but that almost all names are saved and not even messed up in any way.
To provide you an example, this is part of my code
and this is what I got just now using ILSpy from the APK we created
Minor differences, but nothing that really confuses you.
In general, there is not much protection by default. There are ways to apply obfuscation, but I have no experience there, so I can not comment on the practical utility.
The bottom line is that if someone really wants to make an effort to extract what you have created, they can to some extent. Therefore, if you want to protect your work, you will have to find a solution somewhere else.