when I am setting minifiyEnabled to true in my any variant (debug or release) it gives me below error -
Warning:retrofit.appengine.UrlFetchClient: can't find referenced class com.google.appengine.api.urlfetch.HTTPRequest
Warning:retrofit.appengine.UrlFetchClient: can't find referenced class com.google.appengine.api.urlfetch.HTTPHeader
Warning:library class android.webkit.WebView depends on program class android.net.http.SslCertificate
Warning:library class android.webkit.WebViewClient depends on program class android.net.http.SslError
Warning:library class org.apache.http.conn.ssl.SSLSocketFactory depends on program class org.apache.http.conn.scheme.HostNameResolver
Warning:library class org.apache.http.conn.ssl.SSLSocketFactory depends on program class org.apache.http.params.HttpParams
Warning:library class org.apache.http.params.HttpConnectionParams depends on program class org.apache.http.params.HttpParams
Warning:there were 176 unresolved references to classes or interfaces.
Warning:there were 23 instances of library classes depending on program classes.
Warning:there were 6 unresolved references to program class members.
Warning:Exception while processing task java.io.IOException: Please correct the above warnings first.
Error:Execution failed for task ':app:transformClassesAndResourcesWithProguardForProductionDebug'.
> Job failed, see logs for details
It is working fine in emulator or device if its lolipop or higher.
My problem resolved if i disable or make minifyEnabled to false, but I don't really want so.
My gradle tool is build:gradle:2.3.0'
And multiDexEnabled true
Note - I am not keeping any class or attribute in my proguard-rules.pro file.
After a lot of recherches and experiments I have got the solution. We have to add keep and dontwarn statments in our proguard-rules.pro file -
# Retrofit 1.X
-keep class com.squareup.okhttp.** { *; }
-keep class retrofit.** { *; }
-keep interface com.squareup.okhttp.** { *; }
-dontwarn com.squareup.okhttp.**
-dontwarn okio.**
-dontwarn retrofit.**
-dontwarn rx.**
-keepclasseswithmembers class * {
#retrofit.http.* <methods>;
}
# If in your rest service interface you use methods with Callback argument.
-keepattributes Exceptions
# If your rest service methods throw custom exceptions, because you've defined an ErrorHandler.
-keepattributes Signature
# Proguard configuration for amazon Jackson 2.x (fasterxml package instead of codehaus package)
-keep class com.amazonaws.** { *; }
-keepnames class com.amazonaws.** { *; }
-dontwarn com.amazonaws.**
-dontwarn com.fasterxml.**
-keep public class com.google.android.gms.* { public *; }
-dontwarn com.google.android.gms.**
-dontwarn org.mockito.**
-dontwarn sun.reflect.**
-dontwarn android.test.**
-dontwarn org.hamcrest.**
-dontwarn android.test.**
-dontwarn android.support.test.**
-keep class org.hamcrest.** {
*;
}
-keep class org.junit.** { *; }
-dontwarn org.junit.**
-keep class junit.** { *; }
-dontwarn junit.**
-keep class sun.misc.** { *; }
-dontwarn sun.misc.**
-keep public class android.net.http.SslError
-keep public class android.webkit.WebViewClient
-dontwarn android.webkit.WebView
-dontwarn android.net.http.SslError
-dontwarn android.webkit.WebViewClient
-keep class org.apache.http.** { *; }
-dontwarn org.apache.http.**
Note - I followed the warnings in messages and by picking one by one put my proguard rule accordingly.
if you are define proper proguard rules and still issue then please minifyEnabled true use only for application level for other module use minifyEnabled false.
Also if any lintError found and its not possible to solve then use below code
lintOptions {
checkReleaseBuilds false
// Or, if you prefer, you can continue to check for errors in release builds,
// but continue the build even when errors are found:
abortOnError false
}
I have checked that and its works after so much effort.
Try to add the following lines to your proguard configuration:
# Platform calls Class.forName on types which do not exist on Android to determine platform.
-dontnote retrofit2.Platform
# Platform used when running on Java 8 VMs. Will not be used at runtime.
-dontwarn retrofit2.Platform$Java8
# Retain generic type information for use by reflection by converters and adapters.
-keepattributes Signature
# Retain declared checked exceptions for use by a Proxy instance.
-keepattributes Exceptions
It's for retrofit library. For other external libs you can use this method with own packages which you want to ignore;
-dontwarn org.apache.** - for example
More about ProGuard usage you can find here
Related
I'm building an Android app using Android Gradle Plugin 4.1.0 and Gradle 6.5.1. In my build.gradle file the flag minifyEnabled has the value true. This is my proguard-rules.pro file:
#rx
-dontwarn rx.**
-keep class rx.** { *; }
#retrofit / okhttp
-dontwarn retrofit.**
-keep class retrofit.** { *; }
-keep class okio.** { *; }
-keep class com.squareup.okhttp.** { *; }
-keep interface com.squareup.okhttp.** { *; }
-dontwarn com.squareup.okhttp.**
-dontwarn okhttp3.internal.platform.**
-dontwarn okio.**
-dontwarn org.conscrypt.**
#gson
-keepattributes SerializedName
-keep class com.google.gson.** { *; }
-keep class sun.misc.Unsafe { *; }
-keep class * implements com.google.gson.TypeAdapterFactory
-keep class * implements com.google.gson.JsonSerializer
-keep class * implements com.google.gson.JsonDeserializer
-keepclassmembers enum * { *; }
-keepattributes Signature
-keepattributes Exceptions
-keepattributes *Annotation*
-dontwarn javax.annotation.Nullable
-dontwarn javax.annotation.ParametersAreNonnullByDefault
-dontwarn javax.annotation.concurrent.GuardedBy
-dontwarn org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement
#guava
-dontwarn afu.org.checkerframework.checker.formatter.**
-dontwarn afu.org.checkerframework.checker.nullness.**
-dontwarn afu.org.checkerframework.checker.regex.**
-dontwarn afu.org.checkerframework.checker.units.**
-keep class * implements ru.surfstudio.android.network.Transformable
-keep class * implements ru.surfstudio.android.network.response.BaseResponse
-dontwarn com.bumptech.glide.**
#firebase crashlytics
-printmapping mapping.txt
-keepattributes *Annotation*,SourceFile,LineNumberTable
-keep public class * extends java.lang.Exception
-keep class com.google.firebase.crashlytics.** { *; }
-dontwarn com.google.firebase.crashlytics.**
#kotlin-reflect
#https://stackoverflow.com/questions/45871970/kotlin-reflect-proguard-smallsortedmap
-dontwarn kotlin.reflect.jvm.internal.**
#Cashoff javascript interface
-keep class ru.sbi.android.f_analytics.analytics.CashoffInteface { *; }
-dontwarn ru.sbi.android.f_main.R$id
-keep class ru.sbi.android.ui.navigation.MainTabType
#Cross-feature navigation keeps
-keep interface ru.sbi.android.ui.fragment.CrossFeatureFragment {*;}
-keep class * implements ru.sbi.android.ui.fragment.CrossFeatureFragment
#android standard
-keep class ru.surfstudio.android.rx.extension.ConsumerSafe { *; }
-keep class ru.surfstudio.android.rx.extension.ActionSafe { *; }
#AndroidPdfViewer
-keep class com.shockwave.pdfium.util.Size
#firebase
-dontwarn com.google.firebase.messaging.**
#android material
-keep class com.google.android.material.** { *; }
-dontwarn com.google.android.material.**
#Если вы хотите применять новый API Google API для отслеживания инициаторов
-dontwarn com.android.installreferrer.com.android.installreferrer
-ignorewarnings
I see lots of minifyReleaseWithR8 tasks being executed during the build.
But when I'm decompiling the resulting APK using apktool I see that all the package, class, methods names are the same as in my Android Studio. How can I understand why R8 doesn't obfuscate the code?
You have a keep rule for every single class you use in your app. If you have a -keep rule matching a class it will be kept and not obfuscated. For obfuscation to rename items (classes/fields and methods) that either have to not be matched by a keep rule (or matched by a keep rule with modifier allowobfuscation).
Keep rules are only required for items which are looked up through reflection, so you will have to trim down your rules to a much smaller set. I suggest that you start out by an empty proguard-rules.pro and only get what getDefaultProguardFile('proguard-android-optimize.txt') generates (like here). Then your app might not work, but then you can figure out what is going wrong and start adding additional rules. One way to start there is to only keep the classes in you own application package (-keep class ru.sbi.android.** { *; }), as libraries normally does not need keep rules, and then try to trim that further.
Please take a look at Shrink, obfuscate, and optimize your app as well.
I use ProGuard and Joda Time in my Android application (of course, I use a version optimized for Android: https://github.com/dlew/joda-time-android). I ran into the problem that with optimization and obfuscation turned on, I get an error when I try to use PeriodFormat:
java.util.MissingResourceException: can't find resource for bundle java.util.PropertyResourceBundle, key PeriodFormat.space
I compared the contents of the APK when building with and without proguard and saw that the org/joda/time/format directory in the non-optimized version contains 15 properties files, and only 9 in the optimized version. In these files I saw the PeriodFormat.space keys, so leaves no doubt that the exception caused by the loss of these files.
How to configure proguard so that the contents of this directory are transferred to the optimized APK without any optimizations?
I already use the following rules for Joda Time:
-dontwarn org.joda.convert.**
-dontwarn org.joda.time.**
-keep class org.joda.** { *; }
-keep interface org.joda.** { *; }
-keepdirectories org.joda.**
However, they are not enough, because the files still disappear.
java.util.MissingResourceException: can't find resource for bundle
java.util.PropertyResourceBundle, key PeriodFormat.space
Don't
-keep class org.joda.** { *; }
-keep interface org.joda.** { *; }
Do
-keep class org.joda.time.** { *; }
-keep interface org.joda.time.** { *; }
Your proguard will be
-dontwarn org.joda.convert.**
-dontwarn org.joda.time.**
-keep class org.joda.time.** { *; }
-keep interface org.joda.time.** { *; }
Read -keep options.
I have an app that uses retrofit to load data from json file on server. When I run the application on a real device or AVD it loads json to my recyclerview's items and every thing is fine. But when I build an signed APK and then install the app, it doesn't load the json's data like my images urls and ...
# Add project specific ProGuard rules here.
# You can control the set of applied configuration files using the
# proguardFiles setting in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
# Uncomment this to preserve the line number information for
# debugging stack traces.
#-keepattributes SourceFile,LineNumberTable
# If you keep the line number information, uncomment this to
# hide the original source file name.
#-renamesourcefileattribute SourceFile
-dontwarn javax.annotation.**
-dontwarn okhttp3.**
-dontwarn okio.**
-dontwarn javax.annotation.**
-dontwarn org.conscrypt.**
# A resource is loaded with a relative path so the package of this class must be preserved.
-keepnames class okhttp3.internal.publicsuffix.PublicSuffixDatabase
-dontwarn retrofit2.Platform$Java8
# Platform calls Class.forName on types which do not exist on Android to determine platform.
-dontnote retrofit2.Platform
# Platform used when running on Java 8 VMs. Will not be used at runtime.
-dontwarn retrofit2.Platform$Java8
# Retain generic type information for use by reflection by converters and adapters.
-keepattributes Signature
# Retain declared checked exceptions for use by a Proxy instance.
-keepattributes Exceptions
# Retrofit
-keep class com.google.gson.** { *; }
-keep public class com.google.gson.** {public private protected *;}
-keep class com.google.inject.** { *; }
-keep class org.apache.http.** { *; }
-keep class org.apache.james.mime4j.** { *; }
-keep class javax.inject.** { *; }
-keep class javax.xml.stream.** { *; }
-keep class retrofit.** { *; }
-keep class com.google.appengine.** { *; }
-keepattributes *Annotation*
-keepattributes Signature
-dontwarn com.squareup.okhttp.*
-dontwarn rx.**
-dontwarn javax.xml.stream.**
-dontwarn com.google.appengine.**
-dontwarn java.nio.file.**
# Retrofit 2.X
## https://square.github.io/retrofit/ ##
-dontwarn retrofit2.**
-keep class retrofit2.** { *; }
-keepattributes Signature
-keepattributes Exceptions
-keepclasseswithmembers class * {
#retrofit2.http.* <methods>;
}
-keep class io.plaidapp.data.api.dribbble.model.** { *; }
-keep public class android.support.design.widget.BottomNavigationView { *; }
-keep public class android.support.design.internal.BottomNavigationMenuView { *; }
-keep public class android.support.design.internal.BottomNavigationPresenter { *; }
-keep public class android.support.design.internal.BottomNavigationItemView { *; }
While using proguard, you need to keep your model classes used for Retrofit.
Use -keepclass and specify all your model/pojo classes.
-dontwarn retrofit2.**
-keep class retrofit2.** { *; }
-keepattributes Signature
-keepattributes Exceptions
-keepclasseswithmembers class * {
#retrofit2.http.* <methods>;
}
When you're generating your signed application, ProGuard is executing its minification rules against your code. You mention you are using Retrofit. Retrofit's documentation includes ProGuard rules that need to be included in your application as well:
# Platform calls Class.forName on types which do not exist on Android to determine platform.
-dontnote retrofit2.Platform
# Platform used when running on Java 8 VMs. Will not be used at runtime.
-dontwarn retrofit2.Platform$Java8
# Retain generic type information for use by reflection by converters and adapters.
-keepattributes Signature
# Retain declared checked exceptions for use by a Proxy instance.
-keepattributes Exceptions
Additionally, since Retrofit is built on top of Okio, you may need to include Okio proguard rules as well:
-dontwarn okio.**
Set minifyEnabled to false in your build.gradle file.
buildTypes {
release {
minifyEnabled false
The goal is to deploy an application with obfuscation and minification applied. Usual builds without minification work fine. But when minifyEnabled is switched to true, everything compiles too, but all Volley requests fail with error callback (onErrorResponse) regardless on successful result.
Minification config in build.gradle:
buildTypes {
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
debug {
debuggable true
}
}
proguard-rules.pro:
##---------------Begin: proguard configuration for Gson ----------
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature
# For using GSON #Expose annotation
-keepattributes *Annotation*
# Gson specific classes
-keep class sun.misc.Unsafe { *; }
#-keep class com.google.gson.stream.** { *; }
# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { *; }
# Prevent proguard from stripping interface information from TypeAdapterFactory,
# JsonSerializer, JsonDeserializer instances (so they can be used in #JsonAdapter)
-keep class * implements com.google.gson.TypeAdapterFactory
-keep class * implements com.google.gson.JsonSerializer
-keep class * implements com.google.gson.JsonDeserializer
##---------------End: proguard configuration for Gson ----------
##---------------Begin: proguard configuration for Spongy Castle ----------
-keep class org.spongycastle.crypto.* {*;}
-keep class org.spongycastle.crypto.digests.* {*;}
-keep class org.spongycastle.crypto.encodings.* {*;}
-keep class org.spongycastle.crypto.engines.* {*;}
-keep class org.spongycastle.crypto.macs.* {*;}
-keep class org.spongycastle.crypto.modes.* {*;}
-keep class org.spongycastle.crypto.paddings.* {*;}
-keep class org.spongycastle.crypto.params.* {*;}
-keep class org.spongycastle.crypto.prng.* {*;}
-keep class org.spongycastle.crypto.signers.* {*;}
-keep class org.spongycastle.jcajce.provider.digest.** {*;}
-keep class org.spongycastle.jcajce.provider.keystore.** {*;}
-keep class org.spongycastle.jcajce.provider.symmetric.** {*;}
-keep class org.spongycastle.jcajce.spec.* {*;}
-keep class org.spongycastle.jce.** {*;}
-dontwarn javax.naming.**
##---------------End: proguard configuration for Spongy Castle ----------
# Configuration for Guava 18.0
#
# disagrees with instructions provided by Guava project: https://code.google.com/p/guava-libraries/wiki/UsingProGuardWithGuava
-keep class com.google.common.io.Resources {
public static <methods>;
}
-keep class com.google.common.collect.Lists {
public static ** reverse(**);
}
-keep class com.google.common.base.Charsets {
public static <fields>;
}
-keep class com.google.common.base.Joiner {
public static com.google.common.base.Joiner on(java.lang.String);
public ** join(...);
}
-keep class com.google.common.collect.MapMakerInternalMap$ReferenceEntry
-keep class com.google.common.cache.LocalCache$ReferenceEntry
# http://stackoverflow.com/questions/9120338/proguard-configuration-for-guava-with-obfuscation-and-optimization
-dontwarn javax.annotation.**
-dontwarn javax.inject.**
-dontwarn sun.misc.Unsafe
# Guava 19.0
-dontwarn java.lang.ClassValue
-dontwarn com.google.j2objc.annotations.Weak
-dontwarn org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement
# Security classes for keystore support
-dontwarn java.awt.**, javax.security.**, java.beans.**
# Volley
-dontwarn com.android.volley.**
-dontwarn com.android.volley.error.**
-keep class com.android.volley.** { *; }
-keep class com.android.volley.toolbox.** { *; }
-keep class com.android.volley.Response$* { *; }
-keep class com.android.volley.Request$* { *; }
-keep class com.android.volley.RequestQueue$* { *; }
-keep class com.android.volley.toolbox.HurlStack$* { *; }
-keep class com.android.volley.toolbox.ImageLoader$* { *; }
-keep interface com.android.volley.** { *; }
-keep class org.apache.commons.logging.*
All used dependencies:
compile 'com.android.support:appcompat-v7:23.4.0'
compile 'com.android.support:design:23.4.0'
compile 'com.google.code.gson:gson:2.7'
compile 'com.android.volley:volley:1.0.0'
compile 'com.google.guava:guava:19.0'
compile 'org.apache.directory.studio:org.apache.commons.io:2.4'
compile 'com.madgag.spongycastle:core:1.54.0.0'
compile 'com.madgag.spongycastle:prov:1.54.0.0'
compile 'com.madgag.spongycastle:pkix:1.54.0.0'
compile 'com.madgag.spongycastle:pg:1.54.0.0'
And in addition to Volley failures, EventBus from Guava doesn't work correctly too (subscribe events are not fetching). Do we have any solutions for these troubles? Should I add any additional information here?
Should admit, that even with all information provided, my question was very difficult to analyze, because of many possible sources of described errors.
I'll begin from the end of my question. Guava didn't work correctly, because ProGuard just excluded Guava's Subscribe-methods from my code to be packed. ProGuard removes unused code, and as far as Subscribe-methods are analyzed as unused (even IDE don't highlight them as used ones) ProGuard has decided to remove these methods. To solve this issue, we should keep Subscribe-methods from ProGuard's processing:
# Keep subscribe-methods from deletion
-keepclassmembers class ** {
#com.google.common.eventbus.Subscribe <methods>;
}
And my first problem - when Volley always calls onErrorResponse callbacks in all requests being fired. I used a custom deserializer for Json-repsonses which also checks, if server has provided some required fields (marked with a corresponding annotation). And, of course, ProGuard by default could not work correctly with these annotations and deserializer - that's why I had to keep these entities too:
# To make right deserialization
-keepclassmembers class ** {
#com.some.package.server.JsonDeserializerWithOptions$FieldRequired public *;
}
-keep #interface com.some.package.server.JsonDeserializerWithOptions$FieldRequired
-keep class com.some.package.server.JsonDeserializerWithOptions
Its difficult the pinpoint any error with the logs, however you should try it without using proguard. skip the proguard file syntax and see if it works fine.
Make sure you have multidex enabled, else your project will fail to execute.
android {
compileSdkVersion 21
buildToolsVersion "21.1.0"
defaultConfig {
...
minSdkVersion 14
targetSdkVersion 21
...
// Enabling multidex support.
multiDexEnabled true
}
...
}
dependencies {
compile 'com.android.support:multidex:1.0.0'
}
More details : https://developer.android.com/studio/build/multidex.html
If I build my app in debug it works perfectly. However, when I build for release with proguard, I get several errors and then the build fails. The error summary:
Warning:there were 445 unresolved references to classes or interfaces.
Warning:there were 13 instances of library classes depending on program classes.
I modified my proguard-rules.txt file as shown below. This allowed the build to succeed, but when I install the app, the amazon downloads do not work (works in the debug version).
-keep class org.xmlpull.v1.**
-keep class org.apache.http.**
-keep class org.ietf.jgss.**
-keep class com.amazonaws.services.**
-keep class org.w3c.dom.bootstrap.**
-dontwarn org.xmlpull.v1.**
-dontwarn org.apache.http.**
-dontwarn org.ietf.jgss.**
-dontwarn com.amazonaws.services.**
-dontwarn org.w3c.dom.bootstrap.**
Any suggestions as to how I can get this fixed please?
Update:
Have narrowed it down to a GSON/JSONPARSER issue. For the release version, JSONPARSER does not convert downloaded json to a supplied class like it does in debug. The GSON proguard rules (see update 2 ) have also been added but the issue persists.
-keep class org.apache.commons.logging.** { *; }
-keep class com.amazonaws.services.sqs.QueueUrlHandler { *; }
-keep class com.amazonaws.javax.xml.transform.sax.* { public *; }
-keep class com.amazonaws.javax.xml.stream.** { *; }
-keep class com.amazonaws.services.**.model.*Exception* { *; }
-keep class com.amazonaws.internal.** { *; }
-keep class org.codehaus.** { *; }
-keep class org.joda.convert.* { *; }
-keepattributes Signature,*Annotation*,EnclosingMethod
-keepnames class com.fasterxml.jackson.** { *; }
-keepnames class com.amazonaws.** { *; }
-dontwarn com.amazonaws.auth.policy.conditions.S3ConditionFactory
-dontwarn org.joda.time.**
-dontwarn com.fasterxml.jackson.databind.**
-dontwarn javax.xml.stream.events.**
-dontwarn org.codehaus.jackson.**
-dontwarn org.apache.commons.logging.impl.**
-dontwarn org.apache.http.conn.scheme.**
-dontwarn org.apache.http.annotation.**
-dontwarn org.ietf.jgss.**
-dontwarn org.w3c.dom.bootstrap.**
-dontwarn org.xmlpull.v1.**
-dontwarn com.amazonaws.services.**
-libraryjars libs/aws-android-sdk-1.7.1.1-core.jar
-libraryjars libs/aws-android-sdk-1.7.1.1-s3.jar
-libraryjars libs/gson-2.2.4.jar
-libraryjars libs/ksoap2-android-assembly-3.3.0-jar-with-dependencies.jar
Update 2
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature
# For using GSON #Expose annotation
-keepattributes *Annotation*
# Gson specific classes
-keep class sun.misc.Unsafe { *; }
-keep class com.google.gson.stream.** { *; }
# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { *; }
Finally solved. GSON could not convert my JSON into a class using the fromJson method as proguard had obfuscated my class's fields. I had to add for each of my classes used during json deserialization:
-keepclassmembers class fully.qualified.path.to.class$innerclass {
private <fields>;
}
As per usual, no mention of this in the GSON docs. This was a project I took over - I personally have never used GSON and wont do so in future.
A few notes to those facing similar issues:
Always make sure when you use a library to include all the
recommended (by the library - see their web pages) entries in your
proguard-rules.text file.
They have mentioned in the comments in the second last line of update2.
# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { *; }
Change the last line to your actual path inside code to classes that will be serialized. Don't copy paste as it is. Example:
-keep class com.myclass.model.** { *; }
That worked for me.