First, in order to view the contents (not pictures, but code) of the APK file, you need to decompile the application. But, perhaps, the application code is obfuscated (it is not readable for a person), then there is no point in viewing the code.
Secondly, information about connecting to the database (host, login, password, database name) is located on the server itself. No one will place this data inside the application. The application receives information from the database through the server using the API:
1. The application sends an HTTP(S) request to the server. For example, check Email - localhost/api?action=email.check&[email protected]
2. The server processes the request, checking it for SQL injection (ideally), and only then, if necessary, the database is accessed .
3. Let's assume that the server has connected to the database. Took some information and sent the answer back - to the application.
Thirdly, if you really need to find out where and what requests are sent, install the Wireshark application or any other traffic analyzer on the device.
I advise you to read about client-server applications and SQL injection :) Yes, and not everything is so simple. You cannot connect directly to the database. As a rule, the backend is protected from such "hacks".

Install Wireshark and see where the application sends what data. If it's simple, then maybe you'll find something tasty. If they did at least mediocre ones, then it’s already more difficult.