Using Common Proguard File in Multi-Application-Module Android Project - android

I have created a Wear OS module in our existing Android mobile application. Both application modules remain in the project like following:
Project/app
Project/wear/wear_presentation
Project/otherLibModule/other_lib_module_presentation
and we have a common.gradle that is used by app and wear_presentation:
buildTypes {
release {
minifyEnabled true
debuggable false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
debug {
debuggable true
minifyEnabled false
}
}
Before Wear OS module, we had a single proguard file inside app module that handles all minifying work, but now we have 2 application modules that have separate proguard files. That forces me to copy/paste all content from app proguard file into wear_presentation proguard file and this approach seems amateurish.
I want to use a single common proguard file that is used by both app and wear_presentation modules.
Is it possible?

Importing from Libraries is supported already.
https://developer.android.com/studio/build/shrink-code#configuration-files
/proguard.txt - If an AAR library is published with its own ProGuard rules file, and you include that AAR as a compile-time dependency, R8 automatically applies its rules when compiling your project.
Using rules files that are packaged with AAR libraries is useful if certain keep rules are required for the library to function properly—that is, the library developer has performed the troubleshooting steps for you.
However, you should be aware that, because ProGuard rules are additive, certain rules that an AAR library dependency includes cannot be removed and might impact the compilation of other parts of your app. For example, if a library includes a rule to disable code optimizations, that rule disables optimizations for your entire project.
/META-INF/proguard/ - for JAR libraries
It's commonly used by libraries like OkHttp https://github.com/square/okhttp/blob/okhttp_4.10.x/okhttp/src/main/resources/META-INF/proguard/okhttp3.pro

Related

Configure proguard in a multimodule SDK Android library project

I'm working on an Android SDK that is about to be split into separate modules, with some code being shared between others, namely:
shared classes
SDK with feature #1
SDK with feature #2
There is a need of obfuscating the output AARs. With one single module it's not an issue, but I can't find how to configure the whole project correctly with Proguard.
How does the Proguard obfuscation work in case when I want to publish a new version of all these libraries? Will all the modules be obfuscated separately? How can I make sure that all the modules will be obfuscated at once and the release version of the libraries will correctly refer to all the artifacts that are located in the shared module?
Not sure I understand the issue.
But if you want to release 2 SDKs now instead of 1 (before split), I don't think the setup should differ very much.
Just make sure you have proguard file in these SDKs and you are using it in the build script specific to that SDK (module). Then just run something like :sdk:assembleRelease and you are done.
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'library.pro'
}
It is described in detail in this issue:
Obfuscating the .aar files
I understand that shared module is not published, so there you just need to define specific proguard rules that will be used by other modules, like this:
release {
minifyEnabled true
consumerProguardFiles 'onboarding-proguard-rules.pro'
}

JAVA code visible in android APK - APK Analyzer

I am trying to view APK contents using Android Studio's APK analyzer tool.
According to https://developer.android.com/studio/build/apk-analyzer, APK would contain dex files from which class information can be viewed.
With my sample application, I am able to see .java classes directly in the APK. Refer APK files.
I want to avoid having the JAVA classes as part of APK to reduce APK size and for security reasons.
Use like this in your build.gradle -
android {
buildTypes {
release {
// Enables code shrinking, obfuscation, and optimization for only
// your project's release build type.
minifyEnabled true
// Enables resource shrinking, which is performed by the
// Android Gradle plugin.
shrinkResources true
// Includes the default ProGuard rules files that are
packaged with
// the Android Gradle plugin. To learn more, go to the
section about
// R8 configuration files.
proguardFiles getDefaultProguardFile(
'proguard-android-optimize.txt'),
'proguard-rules.pro'
}
}
...
}
Do read google Docs for better understanding. You will get a clear picture.
Follow this -
https://developer.android.com/studio/build/shrink-code

Gradle - Are proguard configurations inherited?

This might be too broad, but I would like an explanation on how Proguard and minification configurations are passed between projects and their dependencies to understand how deeply are these operations made in my project's dependency tree.
I have on build.gradle of `themodule':
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
dependencies {
compile project(':someothermodule')
compile 'some.maven.central.library'
}
By the configuration it seems clear that the classes inside themodule will be minifyed and obfuscated, but what happens with the classes of someothermodule? Will they also be minifyed and obfuscated? Even if someothermodule has minifyEnabled true?
What happens if 'someothermodule' is just a .jar dependency?
What happens with the configurations of some.maven.central.library?
Are the Proguard configurations of the module being built cascading down to its dependencies or each of them follows its own rules?
If a module get obfuscated (minifyEnabled true) by itself, the used configuration is not automatically inherited by the consuming module (in your case the application).
There is a mechanism in the Android gradle plugin to enabled this:
consumerProguardFiles 'proguard-rules.pro'
The rules that are contained in proguard-rules.pro will be automatically included in the application project and merged with other configuration files.
This will only work for Android library projects (.aar). If you have a dependency to a .jar file on maven central for example, no such consumer rules will be available, and you have to add the needed configuration to your application project yourself.
Keep in mind that the configuration to obfuscate a module and the one used by the consuming application / module does not need to be identical. The consumer rules will in most cases only be a set of -keep rules.
Technically, it is the following :
Library projects by themselves don't run ProGuard, so they don't use
any configuration.
Application projects obfuscate the entire code base, including any
referenced libraries, so they need proper configuration for the
application code and for the library code.
I had a small case where I had a Facebook library as a gradle dependency and since we were obfuscating the code with minifyEnabled:true we had to keep all its code from being obfuscated, using the regular keep commmands such as :
-keep class com.facebook.** { *; }
Additionally, and regarding the .jar obfuscation, you can check this other post
Regards,

Android support library increases APK size a lot

I'm using AppCompat support library in my Android project. AppCompat has plenty of drawables and resources which I don't use in my app. That unnecessary files increases my 900K app to above 2M, which I don't like.
Is there any way to exclude those files when creating the APK file? Or I should obfuscate the library in my code instead of making a dependency?
I'm using Gradle in Android Studio.
Thanks
EDIT 1 I am using proguard already. but proguard can't know I don't want to have drawable-xxxhdpi or values-it for example.
EDIT 2 I am also using Android Lint, which can't help me, beacuse I don't access to lib's code directly, and android adds them when building the APK file.
Starting from version 24.2.0, the v4 Support Library has been split into several smaller modules.
So, apart from using shrinkResources and proguardFiles, also make sure that you are using only the specific modules that your app needs. e.g.
If your app only uses Compat utils like NotificationCompat, ContextCompat or ResourcesCompat etc., use only the compat module as:
compile 'com.android.support:support-compat:24.2.0'
From Android Gradle Build System, since version 0.7.0:
New option on product Flavor (and defaultConfig) allow filtering of resources through the -c option of aapt
You can pass single value (resConfig) or multiple values (resConfigs) through the DSL.
All values from the default config and flavors get combined and passed to aapt.
See "basic" sample.
In the "basic" sample:
defaultConfig {
...
resConfig "en"
resConfigs "nodpi", "hdpi"
}
So, try the following to achieve what you asked for:
productFlavors {
...
frOnly {
resConfig "fr"
}
...
}
Note that you might also want to include *dpi, port, land, etc.. as well.
Answer is from: Android Studio exports strings from support library to APK, thanks to Primoz990
shrinkResources can also be an option for you. It is available since 0.14 - but be careful - it still has some pits like protect resources when using shrinkResources
Although OP has cleared up that he is using proguard, I would like to post some code if it helps someone because I am able to shrink my app from 3.8 MB to 3.1 MB using the accepted answer and further to mere 1.8 MB through proguard. I used this configuration in my app level build.gradle file:
buildTypes {
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}

Obfuscation in Android Studio

Is there any obfuscation tool to use with Android Studio? IntelliGuard plugin is declared to be supported by the Studio, but it doesn't work actually due to missing AntSupport plugin. I wan't able to find one in the repository. Any ideas?
P.S. Android Studio build process is based on Gradle, so I wouldn't expect to see Ant support there at all. May be I'm wrong.
Basic Obfuscation
To obfuscate code in Android studio just go to your build.gradle file in your Android Studio project:
Change the minifyEnabled property from false to true
This is a basic Obfuscation.
After generating the apk you can see the obfuscation result by decompiling the apk with any software. This page could help you:
http://www.decompileandroid.com/
In the obfuscation result you will see classes with name: a,b,c....
And the obfuscation variables and methods will have also names like aa,c,ac...
Normal obfuscation:
To obfuscate the code in a more complex form you could go to your root directory app and create a .pro file. For example in the following picture I have created the file: proguard-rules-new.pro. In the same directory you should see a file called proguard-rules.pro
Now add the file you have created to the build.gradle file
And edit the .pro file you have create with your own custom proguard rules
First enable minifyEnabled in your build.gradle file, like
minifyEnabled true
After this, add below lines in progurad-rules.txt file
-keep class yourpackage.** { *; }
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-verbose
For checking that its working fine go to:
http://www.javadecompilers.com/apktool website so that you can verify after decompilation.
It will work and your classes will be hidden completely.
Update: R8 is by default enabled in android studio version 3.4.0 and above
In android studio 3.4+, R8 is enabled by default so no need to add additional property though you can opt for deep optimizations by adding fullMode property in gradle.properties as:
android.enableR8.fullMode=true
You can disable R8 and enable proguard by adding following properties in gradle.properties as:
android.enableR8 = false
useProguard = true
Android September 2018 release a new tool R8 shrinker and obfuscation tool.
R8 - R8 is a java code shrinker and minifying tool that converts java byte code to optimized dex code
For AS version below 3.4.0.
Open gradle.properties
Add android.enableR8 = true
as
# Specifies the JVM arguments used for the daemon process.
# The setting is particularly useful for tweaking memory settings.
org.gradle.jvmargs=-Xmx1536m
# When configured, Gradle will run in incubating parallel mode.
# This option should only be used with decoupled projects. More details, visit
android.enableR8 = true
Minimum Requirements:
Android studio 3.2 September 2018 release or above
Java 8
R8 Tool
R8 supports Proguard:
Keep in mind, R8 is designed to work with your existing ProGuard rules, so you’ll likely not need to take any actions to benefit from R8. However, because it’s a different technology to ProGuard that’s designed specifically for Android projects, shrinking and optimization may result in removing code that ProGuard may have not. So, in this unlikely situation, you might need to add additional rules to keep that code in your build output.
To Disable R8 in AS 3.4.0 and above:
# Disables R8 for Android Library modules only.
android.enableR8.libraries = false
# Disables R8 for all modules.
android.enableR8 = false
Note: For a given build type, if you set useProguard to false in your app module's build.gradle file, the Android Gradle plugin uses R8 to shrink your app's code for that build type, regardless of whether you disable R8 in your project's gradle.properties file.
Proguard is well-supported on Android studio. You have to configure Gradle to run it. Instructions: http://tools.android.com/tech-docs/new-build-system/user-guide#TOC-Running-ProGuard
after setting minifyEnabled to true there are two version of apk you can get, so that you have to add debug option in your build.gradle to obfuscate debug one:
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
debug {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
sync, build and build apk

Categories

Resources