A client is asking for us to provide our app's functionality in an SDK form. Our Android dev isn't super experienced in building SDKs so I'm wondering if it's possible to build an SDK but ensure he client doesn't see / understand our secret sauce (how we do it)
DexGuard is not bad. Lots of solutions out there that make it harder to reverse engineer your code. Nothing can guarantee prevention.
If it’s a saas offering, separate your business logic and secret sauce from interface and only include interface (rest client) in the sdk to send to your customer.
If you obfuscate, people will deobfuscate. Only include interfaces, like how you build a library package
I'm not very knowledgeable about this but wouldn't you be able to ship a binary core and an interface to it?
I am probably even more not knowledgeable, is it possible to build normally - and then convert to binary?
ProGuard/R8 as a minimum. But then you need a paid tool like DexGuard. Also having all the logic in native(C++) would increase the effort needed to deobfuscate.
You can certainly obfuscate, but obfuscation will not ensure anything.