Android Proguard | Shrink, Confiscate, and Obfuscate code for your Android Application.

By StartxLabs
Date 29-09-17
Android Proguard | Shrink, Confiscate, and Obfuscate code for your Android Application.
" None"

To make an application is not good enough, but it also needs to make secure and optimize. It’s the basic needs of an application.

Security & Optimization play a great role in-app ratings, even clients also demand a secure and optimize app. We are providing client based app development services and these are their basic requirements.

To overcome issues regarding a big size apk and security, ProGuard is the basic and recommended technique to use. Everyone can use even a beginner as well as experienced developer. It’s a great technique to prevent your app from reverse engineering (Decompile apk, theft code).

This article gives you a basic idea, how ProGuard used in the android studio. Let’s first take a tour of the little introduction about exactly, what is the ProGuard and why we use this.

ProGuard is the technique to shrink the code, which detects and remove the unused classes, fields, methods, packages and attributes (including code libraries).

It follows a set of steps:

Shrinking, Optimizer, Obfuscator and Preverifier.

Shrinking: It shrinks the code to by detecting and removing unused code.

Optimizer: It analyzes and optimizes the bytecode.

Obfuscator: It renames the optimize classes, methods with short names. (Used to prevent Reverse Engineering).

Preverifier: It converts the optimized code into optimizing jars and libs.

It is the whole process which proguard is used. Now let’s take a look why we use this,

- It optimizes the apk size which is an advantage for both user and developer.

- On a normal apk (without proguard) is easy to apply reverse engineering, which may lead to many issues.

To enable ProGuard in your project you have to enable it is app’s Gradle file (build.gradle)

If you want to apply proguard on debug mode, then you have to write same lines in debug module.

 

Proguard files:
proguard-android.txt’ file, You can find it inside in your SDK’s folder/tools/proguard/

 file, you can find its root of the module and you can customize it. You can also add the proGuard rules for each module’s as a tree hierarchy Like this (Not go in detail).proguard-rules.pro’

proguardFiles getDefaultProguardFile(‘proguard-android-optimize.txt’)
proguardFiles fileTree(‘proguard’).asList().toArray()

See in the android studio: Gradle Script Folder near build.gradle. (Each module has each own proguard-rules.pro and build.Gradle file, if you are working with modules).

It gives some output files such as

dump.txt : Describes the internal structure of all the class files in the APK. mapping.txt : Provides a translation between the original and obfuscated class, method, and field names.

seeds.txt : Lists the classes and members that were not obfuscated. usage.txt : Lists the code that was removed from the APK.

Which you can find in app’s (modules)/build/outputs/mapping/release/ folder.

 

Now how you can test it,

First, generate the apk with the applied proguard build type, you may get some errors and warning on apk generation (These are normal we are facing also)

-If you getting errors like ClassNotFoundExceptions or may crash the app then you have to keep those classes which are not found or causes errors.

like this for classes, also can apply for members and fields
-keep public class <className with pakage> 
-keep class retrofit2.** { *; }

-For Warning: You need to take a look on stack trace to find which classes give those warnings,

-dontwarn <classes_name>
-dontwarn retrofit2.**
-dontwarn java.nio.file.*
-dontwarn okio.**

then put these lines in your app’s (module) ‘proguard-rules.pro’ file.

After that, you have successfully applied proguard in your application. Also, check the size of apk this is now smaller than before‘s size and secure on decompile apk.

Thank you, I Hope this will help you.

subscribe to startxlabs

startxlabs