There is one line in the default proguard configuration of android sdk:
-keepattributes *Annotation*
According to Proguard Manual, this line equals to:
-keepattributes RuntimeVisibleAnnotations,RuntimeInvisibleAnnotations,RuntimeVisibleParameterAnnotations,RuntimeInvisibleParameterAnnotations,RuntimeVisibleTypeAnnotations,RuntimeInvisibleTypeAnnotations,AnnotationDefault
In my opinion, maybe the configuration below is enough:
-keepattributes RuntimeVisibleAnnotations,RuntimeVisibleParameterAnnotations,RuntimeVisibleTypeAnnotations,AnnotationDefault
Have I missing something? Why the recommend configuration keep all this things?
No, your observation is correct, the following configuration would be more correct imho:
-keepattributes RuntimeVisible*Annotation*,AnnotationDefault
Most people probably don't care about the subtle difference between runtime visible and invisible annotations, but there is no specific reason to keep runtime invisible annotations.
Edit: the above applies for Android applications only. If you are building an Android library, you should stick to -keepattributes *Annotation*.
btw. DexGuard (commercial variant of ProGuard) uses the updated configuration that I suggested above.
Related
I plan on using ProGuard to obfuscate the code of my Android app. I have been researching about it. Most of the articles and videos on YouTube seem to be out dated. From all what I have gathered, here is what need to be done:
In the project.properties class I will have to uncomment the line:
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
I am using Crashlytics and it says that to have informative stack traces, I must add a line to ProGuard configuration:
-keepattributes SourceFile,LineNumberTable
I am guessing that the above line is appended to proguard-project.txt?
And then that's it. Please correct me where I am wrong.
Correct. In your project.properties you need to define the
path/filename for your Proguard configuration file, e.g.
proguard.config=proguard-project.txt
(in this case proguard-project.txt sits in the project's root folder)
Also correct. As per the Proguard documentation:
-keepattributes [attribute_filter]
Specifies any optional attributes to be preserved.
...
You should also keep the SourceFile and LineNumberTable
attributes for producing useful obfuscated stack traces. Finally, you
may want to keep annotations if your code depends on them. Only
applicable when obfuscating.
I have Android library project. There are some .aj files (aspectJ) with pointcuts.
I need to obfuscate compiled artifact (jar). When i obfuscate it and add as library to another project, aspects stops working.
Can anyone help with obfuscation using ProGuard? Some configuration examples or any useful information.
May be it is not possible at all? Are there some alternatives?
Thanks.
I also have an android library with aspects. My pointcuts are not for my library code, but for the app's code (pointcuts on Activity.onCreate, for example), so people who use my library are already expected to set up their android projects as AspectJ projects.
Everything works perfectly without Proguard, but despite making every exception I can think of I couldn't get the advice to apply if my library jar was obfuscated. I verified that the aspect class and all methods and fields were kept in the mapping.
Here's the final version of my proguard config that didn't get the aspects working, although everything compiles fine and there are no errors:
...some config, the injar included my iajc compiled library project with aspects
-optimizations !code/allocation/variable,!code/simplification/arithmetic,!field/*,!class/merging/*
-optimizationpasses 3
-dontpreverify
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-dontskipnonpubliclibraryclassmembers
-verbose
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,
SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
# This is the package of my aspects
-keep class my.package.aspectj.** { *; }
# This is all the public methods that my aspect code calls in to
-keep class my.package.allthethingsmyaspectscall.** { *; }
...keep some other classes not related to this
With all this my aspects still didn't apply.
My solution was to copy my aspect files into the client app's project at install time so that it is in their app classpath and gets woven when their app gets built.
a question on android proguard obfuscation.
For some reason, when generating apk using ant, I want proguard to shrink size (remove unused classes) but no name obfuscation. In proguard.cfg, I added:
-dontobfuscate
all others in proguard.cfg are either -dontwarn or -keep class. But after decompile the generated apk (dex2jar), I found many names are still obfuscated. Why this happens?
Thanks
Since nobody was actually answering this, here is the link to the post that solves the issue: Using Proguard with Android without obfuscation
Basically, what you need to add below your -dontobfuscate instruction is:
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*,!code/allocation/variable
Important thing here is: !code/allocation/variable
I'm trying to build an Android release with Ant and ProGuard. I uncommented the following line in project.properties, despite the comment in said file noting that you shouldn't modify it ;):
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
When obfuscating, I get the following notes:
[proguard] Note: the configuration refers to the unknown class 'com.google.vending.licensing.ILicensingService'
[proguard] Note: the configuration refers to the unknown class 'com.android.vending.licensing.ILicensingService'
I do understand why this is happening. These lines can be found in the default ProGuard config file (${sdk.dir}/tools/proguard/proguard-android.txt):
-keep public class com.google.vending.licensing.ILicensingService
-keep public class com.android.vending.licensing.ILicensingService
I'm not using the Google Licensing Service, so the classes are indeed unknown. I found a solution to get rid of these notes by updating the proguard-project.txt:
-dontnote **ILicensingService
My question: Is this the correct way of handling this? It seems to me that these classes shouldn't be kept by default anyway, since that lib isn't mandatory for an android project. The only way I can think of to achieve this is by copying the default config file to my project, removing the -keep lines and ignoring the default config file in the SDK completely. Which doesn't seem as the proper way to go either. Or am I missing something?
The setting "-dontnote com.google.vending.licensing.ILicensingService" is fine. In fact, it could have been part of the default configuration file.
The -keep option may be necessary for projects that use the library.
The -dontnote option may be nice to suppress the note about the -keep option, for projects that don't use the library. The note is just a gentle reminder that the configuration file could contain a typo, because the specified class doesn't seem to exist. It doesn't affect the processing.
Did anyone have trouble with youtube api especially after running proguard?
My code to fetch videos from youtube worked just fine before running proguard, after running proguard i am getting strange exception
ERROR/AndroidRuntime(10197): Caused by: java.lang.IllegalArgumentException:
No parser defined for Content-Type: application/atom+xml; charset=UTF-8; type=feed
I'm not setting content type anywhere and i'm using the default proguard.cfg file that's generated while creating a new project.
Did anyone face similar issues after running proguard?
Tried proguard without obfuscating, without optimization but it gives the same result.
Not sure if google-api-client is exactly the same as the gdata you mention, but it must be very similar. Since Proguard will often break your code, you have to tell it what it can and cannot do. It's not by any means a miracle tool that understands reflection.
I had to add this among others:
-keepattributes *Annotation* # Needed by google-api-client
-keepattributes Signature # Needed by google-api-client
# Needed by google-api-client to keep generic types and #Key annotations accessed via reflection
-keepclassmembers class * {
#com.google.api.client.util.Key <fields>;
}
# Needed by Guava (google-api-client)
-dontwarn sun.misc.Unsafe