I would like to publish a a library with debuggable true on release build types. This would help me debug that library. What are the potential problems if this library goes into production? Is it secure ? What difference does it make when released with debuggable as false?
buildTypes {
release {
minifyEnabled true
debuggable true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
}
First of all, you can not publish an apk with debuggable set to true.
Google play console will give you an error just after you upload the apk.
Secondly, it is not secure at all. Your apk will be very slow.
There are differences in a debug build and a release build. Release builds are much faster. Release builds do not print logs (it is a good practice to not print logs in release builds) which makes execution slower as it takes time to print the characters in the console and all print commands are usually in sync.
Moreover, a release build may also trigger code obfuscation and splits.
Related
HI I have develop one app which is working perfectly in debug . but same code base when i trying to run code in release build some API is not firing because proguard . i dont know its because of proguard or minifyEnabled true or shrinkResources true then i made both false as below .
buildTypes {
release {
minifyEnabled false
shrinkResources false
crunchPngs false // Paste this line
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
using above code its working fine but when i try to upload build in play store release build with signed bundle file then its showing below error :
You uploaded a debuggable APK or Android App Bundle. For security reasons you need to disable debugging before it can be published in Google Play. Learn more about debuggable APKs and Android App Bundles.
please help me how to fix this issue .can we disable proguard for release build if not then how to fix this issue .
In build.gradle (app) file we have this by default,
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
According to https://developer.android.com/studio/build/shrink-code,
minifyEnabled true make the code more secure (making it hard to reverse engineer) and also shrink the size in release build, which we use for publishing the app.
I know that using minifyEnabled true makes compile time longer, but usually debug builds are used for development and testing, which is not affected anyways.
What I'm looking for is that, what are the disadvantages (such as performance impacts) cause by using minifyEnabled true at runtime. I'm not worried about the build time of a release build.
Google Play Console also recommending us to enable it therefore I'm wondering why is minifyEnabled is disabled by default.
By adding minifyEnabled true in your release build you can obfuscate code but it is set to false by default in release builds because if set true it shall require proguard rules to be written to tell the compiler which classes are to be ignored while obfuscating the code. If minifyEnabled is set to true by default and the developer forgets to add proguard rules, it can lead to runtime crashes.
However, setting minifyEnabled to true and shrinkResources to true can reduce your apk size.
As NIKHIL AGGARWAL said, setting minifyEnabled to true can lead to runtime crashes.
You should research each used library so that include their ProGuard rules into your project. Also sometimes after Gradle or libraries upgrade you should again check ProGuard rules and accordingly update them in your project.
You should add data classes of your network model to ProGuard.
You should check your release build on several devices/emulators with different Android versions to understand where it can crash. Debugging in release build is difficult and with obfuscation it becomes a nightmare.
However after you set minifyEnabled = true and avoid crashes you will decrease apk size and impede to cracking attempts.
In my debug android app I made a sign in into firebase with google and facebook and it worked well, but after generating signed APK it's not working, I updated SHA1 in firebase project with release SHA and updated key hash in facebook for developers also but it still not working what can I do.
Most of the times things like this happens because of proguard, it removes some of the files when building apk. Check if it works when proguard is disabled. if it works then try to configure proguard to keep all required files.
To disable proguard set minifyEnabled false in build.gradle
after changing it will look somewhat like
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
debug {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
To further configure proguard you can easily find tutorial on google.
Some helpful links:-
https://stackoverflow.com/a/26274623/5176343
https://stackoverflow.com/a/15761408/5176343
It's tough to say without seeing the code, but one thing that has worked for me in the past was turning off proguard and/or minify in build.gradle. Those things were changing property names in the release apk for me which then caused de-serialization to fail for me because the names didn't match what was in the json.
Have you selected a build version to release and than generate singed apk i hope this will work for you.
As the title says.... I'm trying to understand any possible differences between the "debug" and "release" build variants of my Android app in addition to those specified in the build.gradle file.
The reason for asking is that I'm trying to pin down some odd things that are happening when I build my Android app as a release build rather than a debug one, and I'm wondering what may be happening behind the scenes that I don't know about.
Here's the current version of the buildTypes section of build.gradle:
buildTypes {
debug {
debuggable true
}
release {
debuggable true
signingConfig signingConfigs.config
// Disable Proguard altogether, hopefully:
minifyEnabled false
// getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
Beside this lot, is there anything done automatically in the release build by Android Studio? I'm using Android Studio version 2.2.3.
ASIDE 1 - Before anyone says that I shouldn't have debuggable true in a release build, I know that - I'm just trying to make the two builds identical in every respect so that I can pin down the weird things that are happening.
ASIDE 2: I've already seen this question, and it doesn't address my one.
Thanks in advance!
I am using Android Studio 1.0.2.
When I click assembleRelease in gradle tasks, two files are generated, app-release-unaligned.apk and app-release.apk. I know app-release-unaligned.apk is unaligned but what is app-release.apk? Is it aligned apk? My build.gradle is like below.
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-project.txt'
signingConfig signingConfigs.config
zipAlignEnabled true // Is this necessary or not in Android Studio 1.0.2?
}
}
Even if I didn't put zipAlignEnabled true, app-release.apk is generated.
Is it still necessary in Android Studio 1.0.2?
All information I get about zipalign is before Android Studio 1.0 comes out.
You don't need to set that flag.
From official guide
The possible properties and their default values are:
It is both aligned and signed.
Ready for publication.
AFAIK zipAlignEnabled is true by default for release builds.