I mean, with 3 tools
Disclaimer
This post is for informational and educational purposes only
Requirements
Terminal Time
# extract classes.dex
unzip -j <apkfile.apk> classes.dex
# transform dex file to jar file
d2j-dex2jar.sh classes.dex
# read the sources
jd-gui classes-dex2jar.jar
Bonus
Do you use NativeScript/Ionic/Cordova/Phonegap/"insert some webview based mobile framework"?
This is how easy someone can read your javascript code
# find the bundled JS
unzip -l <apK file> | grep '.js'
# extract the bundle
unzip -j <apk file> assets/app.js
# find endpoint, or api keys
cat app.js | grep 'api*\|http*'
# DoS the endpoints
echo "just kidding"
Edit
If you want to avoid commands an just use an app with UI you have
Hope you find it useful and educational.
Cover Image from https://www.eff.org/issues/coders/reverse-engineering-faq