That's pretty weird and questionable interpretation, since if I have a binary — I have the key, even if in some obfuscated form (even that isn't usually true with APKs though), but whatever, if it works for you — fine, then I have a solution to your problem.

Don't include API_KEY in the published source, include rot13(API_KEY).

You have to consider the intention of the service provider, which in this case is more geared towards mobile clients than web services. It's perfectly clear that binaries will include the API key, no interpretation needed on that part.

It's the source code part that is open to interpretation. I could of course just ask for explicit permission for that.

So rot13 should work as fine as that, I'd assume. You wouldn't publish API_KEY this way, would you?

In a sense, perhaps. But I feel that's just technical trickery on a reasonable request, so I don't see myself bothering with such workarounds.