I made an android app that always worked fine. Suddenly, the AVG Antivirus reported that my app is a malware. After a couple hours, I found the issue:
In the build.gradle, if I use the config below to generate signed APK, AVG reports (the APK) as malware:
buildTypes {
release {
shrinkResources true
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
But if I comment the last line, no threat is found:
buildTypes {
release {
shrinkResources true
minifyEnabled true
//proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
My proguard-rules.pro has nothing special:
-keepattributes Signature
-keepattributes *Annotation*
-keepattributes EnclosingMethod
-keep class io.codetail.animation.arcanimator.** { *; }
-keep class com.example.viewholders.** {
*;
}
-keep class com.android.vending.billing.**
-keep class cn.pedant.SweetAlert.Rotate3dAnimation {
public <init>(...);
}
-keepclassmembers class com.example.models.** {
*;
}
I'm using Android Studio 2.2.2 and my project uses Firebase. The AVG Antivirus version that I have in my android device is 5.9.0.1.224656.
The "malware" identified by AVG is Android/gp oi bccfdd.
Is there something that I can do to solve this problem?
Finally I got a solution. Just to change this line:
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
With this:
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
According to Android Studio User Guide:
"Tip: For even more code shrinking, try the proguard-android-optimize.txt file that's in the same location. It includes the same ProGuard rules, but with other optimizations that perform analysis at the bytecode level—inside and across methods—to reduce your APK size further and help it run faster."
Unfortunately, as I realized, this can cause false detections of malware by antivirus.
Related
I'm able to upload files to an FTP Server when I'm using a debug build, but it fails in the release build:
it fails regardless if minify is enabled or not
it fails even when I remove proguard settings
I am able to generate the release build apk with no errors. The upload-to-ftp feature in the app just won't work.
build.gradle
implementation 'commons-net:commons-net:3.6'
....
minifyEnabled false
shrinkResources false
// proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
debuggable true
signingConfig signingConfigs.release
proguard-rules.pro
-keepclasseswithmembernames class * {
native <methods>;
}
-keep class com.integratedbiometrics.** { *;}
-keep class org.libusb.** { *;}
-keep class com.futronictech.** { *;}
-keep class com.smufsbio.btsdk.** { *;}
-keep class org.apache.http.** { *; }
-keep class org.apache.commons.codec.** { *; }
-keep class org.apache.commons.logging.** { *; }
-keep class android.net.compatibility.** { *; }
-keep class android.net.http.** { *; }
-dontwarn org.apache.http.**
-dontwarn android.webkit.**
What am I missing?
I got it working already. I found out it was not the shrinking and obfuscating at all because setting minifyEnabled and shrinkResources to true in both release and debug build still gave me an issue with the release build while the debug build worked well.
buildTypes {
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
debug {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.debug
}
}
The only difference then was the signingConfig, and when I set
signingConfig signingConfigs.release
in the debug build, the problem surfaced in the debug build.
Apparently, there was something wrong with the security certificate I was signing the apk with. Creating a new certificate fixed the issue for me. It's the first release so there's no issue in doing so.
On my release build I use :
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
but I have in my assets some *.json files that I want to exclude from offuscation because at runtime all the values from my *.json files are null
I use but with error some rullez :
-keep org.json.**
-keep json.**
I have also faced same problem, but after excluding model classes from proguard, it will work.
-keep class com.packege.db.entity.** {*;}
Thanks #NabinBhandari
I've been trying to get Proguard to work in this libgdx app of mine for hours, and I can't get past this error when I try running it:
Error:Execution failed for task
':android:transformClassesWithNewClassShrinkerForDebug'. >
com.android.build.gradle.shrinker.ClassLookupException: Invalid class
reference: android/support/v4/app/Fragment
I've tried adding a ton of different rules to proguard-rules.pro, nothing seems to work. Here are some of the rules I've tried:
dontwarn android.support.**
keep class android.support.v4.* { *; }
keep public class * extends android.support.v4.
keep public class * extends android.app.Fragment
dontwarn **CompatHoneycomb
keep class android.support.v4.** { *; }
optimizationpasses 5
keepattributes SourceFile,LineNumberTable
keep class android.support.** { *; }
Here's what my buildTypes look like in my Android build.gradle
buildTypes {
debug {
minifyEnabled true
useProguard false
proguardFiles getDefaultProguardFile('proguard-android.txt'),
'proguard-rules.pro'
}
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'),
'proguard-rules.pro'
}
}
Edit
This is definitely a LibGDX problem, I tried it with a blank LibGDX project and I get the exact same error.
This question is related to a problem with my firebase, having the "debuggable true" option, which impact has in my program apart of enable testing?
When I configure another build or just the same but with "debuggable=false" the firebase can't be serialized. Why is this happening? Thanks
I though the proguard could be the solution but I'm using this build and changing debuggable to false is the problem.
Update
With proguard enabled or not, the result is the same with these permissions (I dont want any change in my code):
-dontwarn com.firebase.**
-dontoptimize
-keep class acr.acr_app.** { *; }
-keep class com.firebase.** { *; }
Gradle.Build
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
debuggable true
signingConfig signingConfigs.release
}
Udpate 2
I updated the libraries with no effect, somebody can help me a bit? How run app compile the app?
As my project is too large, I need to run proguard in order to compile android successfully.
But when I set android:debuggable="true" in order for me to debug easily, it turn off proguard automatically. Is there any solution or workaround? Thank You
Ran into the exactly same problem. Luckily Google helped me out.
Now my build.gradle:
// ...
android {
// ...
buildTypes {
debug {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'),
'proguard-rules.txt',
'proguard-rules.debug.txt'
debuggable true
}
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'),
'proguard-rules.txt'
}
}
}
proguard-rules.debug.txt:
-renamesourcefileattribute SourceFile
-keepattributes SourceFile,LineNumberTable
-dontobfuscate
-dontoptimize
-dontpreverify
Worked for me. Hope it helps. ;-)