I came across with many websites which decompile APK. For Example this website Java Decompiler I was able to decompile the APK and get all the links which were used in the project. My Question is there any way we prevent some files/folder from being decompiled to protect the static links/Secret keys.
you can use progaurd in your build.gradle to protect the static links/Secret keys.
buildTypes {
release {
release{
proguardFiles getDefaultProguardFile(
'proguard-android-optimize.txt'),
'proguard-rules.pro'
}
}
}
Related
I recently started using Firebase Dynamic Links in my Android app. Everything works great when I run my app with a debug APK. When I click on a dynamic link, it opens my app on the correct screen with the intent filter I set up in my manifest.
Here's what it looks like in the debug version:
Correct result
However, I have noticed that the dynamic link doesn't work when I generate a release APK and try to click the same link. Instead the link opens in a browser first before opening my app at the launcher activity which isn't the activity I specified with my intent filter.
Here's the same test in the release version:
Incorrect result
I'm assuming this is a problem with my build settings but it could be something else. I haven't been able to identify it. I tried disabling proguard in my app's build.gradle file but that had no effect.
For reference, here's the buildTypes snippet of my build.gradle file:
buildTypes {
debug{
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
Also the proguard-rules.pro file is currently empty. Any help would be appreciated!
Have you created a SHA256 key based on your production keystore? You have to add it to your project inside the Firebase console in order to have app links enabled.
Reference to documentation: https://firebase.google.com/docs/dynamic-links/android/receive#app_links
I want to build an .aar library and proguard classes, but my library proguard file doesn't work, and I can see clear classes.
Here is my proguard file:
android {
buildTypes {
release {
minifyEnabled true
useProguard true
proguardFiles getDefaultProguardFile('proguard-android.txt'),'proguard-rules-my-lib.pro'
}
}
}
and app/build.gradle:
android {
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}
While you can probably shrink and obfuscate the library itself, the usual practice is to leave minifyEnabled as false and provide the proguard configuration to the application, using consumerProguardFiles instead of proguardFiles.
This means that the minification is applied only once, on the whole application, using the merged configuration from the app's proguardFiles and the libraries consumerProguardFiles. This is usually more efficient because parts of the libraries not actually used by the application can be removed.
Create a Android Studio Project and convert it to library Follow this link. Build and Execute the command Generate APK, .aar file will be created in release/debug folder.
Write the proguard rules as similar to APK, it will apply to .aar file also.
I hope this helps
In my debug android app I made a sign in into firebase with google and facebook and it worked well, but after generating signed APK it's not working, I updated SHA1 in firebase project with release SHA and updated key hash in facebook for developers also but it still not working what can I do.
Most of the times things like this happens because of proguard, it removes some of the files when building apk. Check if it works when proguard is disabled. if it works then try to configure proguard to keep all required files.
To disable proguard set minifyEnabled false in build.gradle
after changing it will look somewhat like
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
debug {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
To further configure proguard you can easily find tutorial on google.
Some helpful links:-
https://stackoverflow.com/a/26274623/5176343
https://stackoverflow.com/a/15761408/5176343
It's tough to say without seeing the code, but one thing that has worked for me in the past was turning off proguard and/or minify in build.gradle. Those things were changing property names in the release apk for me which then caused de-serialization to fail for me because the names didn't match what was in the json.
Have you selected a build version to release and than generate singed apk i hope this will work for you.
Under minifyEnabled I changed from false to true.
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}
Then I generated a signed APK and used javadecompilers.com to see if files had been altered and the classes,variables, etc were still the same.
I also attempted to use dex2jar, but the terminal stated that no files were found. I also attempted to export my android studio project as a jar file.
Any other suggestions ?
Did you build a release version of your application? As default for minifyEnabled is false, so if you build a debug version, that would explain it.
Other than that, could you post your proguard-rules.pro file? It might contain exceptions that are too broad.
I've used dex2jar many many times, and it's worked for me.
I'm on a mac, so i simply run "./d2j-dex2jar.sh app.apk" command, and then open the resulting jar file in a program called JDGui, there you can see all the files in the jar file.
i have search many time to how secure my web service in my android project but always got a single answer set ProGuard in Gradle file.
But i don't have idea about ProGuard.
Please any one can idea about ProGuard so help me and explain with example step by step.
I have already read ProGuard rules on developer site (https://developer.android.com/)
Below code inside my Gradle file
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
above code through not secure my web services.
I have find a solution...
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
We can update above code build.gradle file and sync your project
Proguard can help you in minifying and code obfuscation
Details here
https://developer.android.com/google/play/billing/billing_best_practices.html
However to secure the webservice, you need to implement SSL authentication. You will get great details here,
https://developer.android.com/training/articles/security-ssl.html
In case you are stuck with any specific problem during implementation then post it here.
Regards
AShish