In below error you can see RegisterActivity.a the class name is converted in some other characters. Can someone suggest what should I do in such a situation, when class name is not appearing in error logs.
at com.abc.angpau.appClasses.activities.RegisterActivity.a(:53)
at com.abc.angpau.appClasses.activities.c.a(Unknown Source:4)
You might have built a release version and proguard is active.
Look at the gradle files.
When you have minifyEnabled true proguard is active.
Usually you only want to enable it in release mode, so you can debug with all the original names if a crash occurs. But you might want to enable it in debug for a moment to test everything works as expected when proguard is enabled.
Proguard obfuscates the code changing the name of vars, methods... It also generates a mapping file so that you can then do the opposite translation to read stack traces. This mapping is used by some services that capture crashes like firebase to desimbolicate them.
And there is a config file so that if some classes/methods should not be obfuscated you should use it, usually when a lib requires this it provides you with the proguard config to keep names in some specific classes.
Related
When building the androidTest apk I get the multiple of the follow error:
'com.google.android.play.core.assetpacks.c' cannot be mapped to 'Lcom/google/android/play/core/assetpacks/c;' because it is in conflict with an existing class with the same name. This usually happens when compiling a test application against a source application and having short generic names in the test application. Try giving 'Lcom/google/android/play/core/assetpacks/c;' a more specific name or add a keep rule to keep 'com.google.android.play.core.assetpacks.c'.
However my other builds work fine. Disabling minify works of course, but I want to test against a minify build.
I had the same problem and "android.enableR8=false" helps me because I use proguard at the moment.
gradle.properties file,
android.enableR8=false
I enabled Proguard for my app and now when I get an exception, in Android Monitor I'm seeing something like
at com.mydomain.myapp.v.c(SourceFile:901)
at com.mydomain.myapp.v.a(SourceFile:1260)
In another app that I have, I also have proguard available, but I'm seeing something like
at com.mydomain.myotherapp.v.c(MainMenuScreen.java:948)
and I can click on the class name and Android Studio takes me to the exact line. I've tried copying the entire contents of the proguard file to the first app and nothing changes.
What is the setting in my project that makes Android Monitor have nice clickable links? In my proguard rules I have:
-keepattributes Exceptions, InnerClasses,
Signature, Deprecated, SourceFile, EnclosingMethod, LineNumberTable
There is a reason why you run proguard and obfuscate the code, that reason is not being able to do that! Else it would totally dismiss the point of obfuscation.
What you can do is to fetch your mapping.txt that is in your outputs folder and with the help of proguardgui.bat that is somewhere in your sdk folder you can get a normal stacktrace
I have been working on android app development from past 4 months and now I have developed my first app and as it is easy to decompile a apk so we should use dex or proguard for shrinking and protection.The problem is I have read in an article that proguard may change the code so sometimes a app may misbehave ,this is my first app and I don't want to mess up.So before using proguard in my app I have few questions -
1.What are the points to keep in mind before using proguard.
2.I read you can use keep command but proguard will not obfuscate that code and it will remain same,so I want my all code but as I will use keep it won't do anything.
3.How to make sure that the after functioning of app is same as before after using proguard.
4.Is is necessary to sign app or make key for using proguard?
Question1. What to keep in mind!
The docs state that there may be unintended events that occur from using proguard
Be aware that code shrinking slows down the build time, so you should
avoid using it on your debug build if possible. However, it's
important that you do enable code shrinking on your final APK used for
testing.
After ProGuard shrinks your code, reading a stack trace is difficult (if not impossible) because the method names are obfuscated.
I believe this answers question 3
The key word here is test, test, test! The moment you create your release apk. Test the functionality against your use cases to see if the application is still running the way it should.
If you don't have tests yet I would recommend write some at least unit tests before you release and test the proguard app against that.
Question 4: No you do not need a key to use proguard. I have used it on my debug builds before.
So your typical release build variant could look something like this:
//AndroidStudio3.0.1Canary
release {
postprocessing {
removeUnusedCode true
removeUnusedResources true
obfuscate true
optimizeCode true
proguardFile 'proguard-rules.pro'
}
}
I'm creating an app for android and ios, and i already know that it's theoretically possible to decompile an android app. The app contains sensitive information that i don't want users to have access to as the app interfaces with a webserver. If a user gained access to some information available in the source code, they could potentially spam my web server with requests.
Is there any way to authenticate a connection between the app and the server, assuming that the source code is accessible, or is there any way to obfuscate my code to prevent a malicious user from spamming my webserver.
Thankss
[UPDATE]
**
When you build your application using Android gradle plugin version > 3.4.0, the plugin chooses R8 to optimize and obfuscate the code. The rules can now be configured on proguard-rules.pro or proguard-app.conf files. the rules to indicate what to exclude from the obfuscation are similar to the ones in proguard.cfg used earlier.
You can import your proguard files in your build.gradle like
buildTypes{
...
release{
proguardFiles getDefaultProguardFile(
'proguard-android-optimize.txt'),
'proguard-rules.pro'
}
}
R8 picks up all the existing proguard rules files as long as they're included in the build.gradle. You can also configure what pieces to obfuscate for different product flavors that you may have.
**
[OLD BUT RELEVANT INFO]
Proguard is a tool that will help you obfusate your code. This comes as part of your android tools and you just need to activate it. This link and this will help further.
Proguard's default configuration (in proguard.cfg) will be enough to sufficiently obfuscate your code. However you might want to tweak your proguard configuration when you have methods/classes that are being dynamically accessed.
For instance, accessing classes/methods with Reflection will need you to have the code to be intact. You might sometimes experience ClassNotFoundException if proguard obfuscates it.
If you have classes that are being accessed in the AndroidManifest/ Layout Files, you should prevent proguard from obfuscating them.
This can be done by adding
-keep public class <MyPackage.MyClass>
to your proguard.cfg.
**
While Proguard makes static analysis harder, DexGuard protects from both static and dynamic analysis. DexGuard is specifially for android applications and is only commercially available while Proguard is open source and is for any java bytecode obfuscation / optimization.
You cannot prevent decompiling android apk, you can just increase the difficulty of decompilation, proguard is the best option.
DexGuard provides even better security then ProGuard but it is NOT free: https://www.saikoa.com/dexguard
DexGuard can even obfuscate String constants.
I am using Proguard in my application, After exporting build i have performed reverse engineering on it with help of dex2jar, but some java class names are still in readable format but method names are obfuscated.
e.g. If i having class named as TestClass.java before obfuscation after obfuscation it expect something like a.java or b.java...
But it appears as TestClass.java for Activity classes in my project.
Do anybody having any idea where i am wrong that Activity classes names are in readable format ?
Thanks in Advance!
ProGuard is integrated into the Android build system, so you do not have to invoke it manually. ProGuard runs only when you build your application in release mode, so you do not have to deal with obfuscated code when you build your application in debug mode. Having ProGuard run is completely optional, but highly recommended.
When you build your application in release mode, either by running ant release or by using the Export Wizard in Eclipse, the build system automatically checks to see if the proguard.config property is set. If it is, ProGuard automatically processes the application's bytecode before packaging everything into an .apk file. Building in debug mode does not invoke ProGuard, because it makes debugging more cumbersome.
http://developer.android.com/tools/help/proguard.html.
The above quote is from the documentation. Is your application in release mode?
http://developer.android.com/tools/publishing/app-signing.html#releasemode
Edit:
What is obfuscation?
By default, compiled bytecode still contains a lot of debugging information: source file names, line numbers, field names, method names, argument names, variable names, etc. This information makes it straightforward to decompile the bytecode and reverse-engineer entire programs. Sometimes, this is not desirable. Obfuscators such as ProGuard can remove the debugging information and replace all names by meaningless character sequences, making it much harder to reverse-engineer the code. It further compacts the code as a bonus. The program remains functionally equivalent, except for the class names, method names, and line numbers given in exception stack traces.
Because in \sdk\tools\proguard\proguar-android file, written something like this
-keep public class * extends android.app.Activity
so it means that when proguard runs, these classes will keep their CustomNames. Otherwise programm can not find your class