Proguard dontwarn and dontnote not taking effect - android

I am building an Android project that has some buildTypes that are using Proguard. During the build I am seeing a ton of warnings from Proguard. Because these warnings are generated for third party classes that I am using I'm attempting to use the -dontwarn flag and -dontnote flag in my 'proguard-rules.pro' file so that I won't see the error output in the future. However, the issue I'm seeing is that even after I add these flags to my .pro file and specify the .pro file in the build.gradle I'm still seeing the warnings output when the project is built.
Here is the relevant part of the build.gradle file:
buildTypes {
debug {
applicationIdSuffix ".debug"
}
unitTest {
applicationIdSuffix ".unittest"
minifyEnabled true
// proguardFiles getDefaultProguardFile("proguard-android.txt")
proguardFile('proguard-rules.pro')
}
automation {
applicationIdSuffix ".automation"
minifyEnabled true
// proguardFile getDefaultProguardFile('proguard-android.txt')
proguardFile('proguard-rules.pro')
}
internal {
applicationIdSuffix ".internal"
minifyEnabled true
// proguardFiles getDefaultProguardFile('proguard-android.txt')
proguardFile('proguard-rules.pro')
}
release {
minifyEnabled true
// proguardFiles getDefaultProguardFile("proguard-android.txt")
proguardFile("proguard-rules.pro")
}
}
Here's my proguard-rules.pro file:
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in /usr/local/Cellar/android-sdk/24.3.3/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the proguardFiles
# directive in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
# Disabling obfuscation is useful if you collect stack traces from production crashes
# (unless you are using a system that supports de-obfuscate the stack traces).
-dontobfuscate
# React Native
# Keep our interfaces so they can be used by other ProGuard rules.
# See http://sourceforge.net/p/proguard/bugs/466/
-keep,allowobfuscation #interface com.facebook.proguard.annotations.DoNotStrip
-keep,allowobfuscation #interface com.facebook.proguard.annotations.KeepGettersAndSetters
# Do not strip any method/class that is annotated with #DoNotStrip
-keep #com.facebook.proguard.annotations.DoNotStrip class *
-keepclassmembers class * {
#com.facebook.proguard.annotations.DoNotStrip *;
}
-keepclassmembers #com.facebook.proguard.annotations.KeepGettersAndSetters class * {
void set*(***);
*** get*();
}
-keep class * extends com.facebook.react.bridge.JavaScriptModule { *; }
-keep class * extends com.facebook.react.bridge.NativeModule { *; }
-keepclassmembers,includedescriptorclasses class * { native <methods>; }
-keepclassmembers class * { #com.facebook.react.uimanager.UIProp <fields>; }
-keepclassmembers class * { #com.facebook.react.uimanager.annotations.ReactProp <methods>; }
-keepclassmembers class * { #com.facebook.react.uimanager.annotations.ReactPropGroup <methods>; }
-dontwarn com.facebook.react.**
# okhttp
-keepattributes Signature
-keepattributes *Annotation*
-keep class com.squareup.okhttp.** { *; }
-keep interface com.squareup.okhttp.** { *; }
-dontwarn com.squareup.okhttp.**
# okio
-keep class sun.misc.Unsafe { *; }
-dontwarn java.nio.file.*
-dontwarn org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement
-dontwarn okio.**
# stetho
-dontwarn com.facebook.stetho.**
##ADDED TO GET WARNINGS TO GO AWAY BUT NEEDS TO BE EVALED BEFORE RELEASE
-dontnote junit.runner.*
-dontnote junit.framework.*
-dontwarn org.hamcrest.**
-dontwarn android.support.test.**
Note the proguard-rules.pro file is located in my project/app/ directory next to the build.gradle file that references it.
Here's a snippet of the error output from gradle:
Note: duplicate definition of library class [junit.runner.Version]
Note: duplicate definition of library class [junit.runner.BaseTestRunner]
Note: duplicate definition of library class [junit.framework.Protectable]
Note: duplicate definition of library class [junit.framework.Assert]
Note: duplicate definition of library class [junit.framework.TestSuite]
Note: duplicate definition of library class [junit.framework.Test]
Note: duplicate definition of library class [junit.framework.ComparisonFailure]
Note: duplicate definition of library class [junit.framework.TestFailure]
Note: duplicate definition of library class [junit.framework.TestCase]
Note: duplicate definition of library class [junit.framework.AssertionFailedError]
Note: duplicate definition of library class [junit.framework.TestListener]
Note: duplicate definition of library class [junit.framework.TestResult]
Reading library jar [/Users/dhodapp/Library/Android/sdk/platforms/android-23/optional/org.apache.http.legacy.jar]
Note: duplicate definition of library class [android.net.http.SslCertificate]
Note: duplicate definition of library class [android.net.http.SslError]
Note: duplicate definition of library class [android.net.http.SslCertificate$DName]
Note: duplicate definition of library class [org.apache.http.conn.scheme.SocketFactory]
Note: duplicate definition of library class [org.apache.http.conn.scheme.HostNameResolver]
Note: duplicate definition of library class [org.apache.http.conn.ConnectTimeoutException]
Note: duplicate definition of library class [org.apache.http.params.HttpParams]
Note: there were 19 duplicate class definitions.
(http://proguard.sourceforge.net/manual/troubleshooting.html#duplicateclass)
Warning: org.hamcrest.integration.EasyMock2Adapter: can't find superclass or interface org.easymock.IArgumentMatcher
Warning: org.hamcrest.integration.JMock1Adapter: can't find superclass or interface org.jmock.core.Constraint
Warning: library class android.test.AndroidTestCase extends or implements program class junit.framework.TestCase
Warning: library class android.test.AndroidTestRunner extends or implements program class junit.runner.BaseTestRunner
Warning: library class android.test.InstrumentationTestCase extends or implements program class junit.framework.TestCase
Warning: library class android.test.InstrumentationTestSuite extends or implements program class junit.framework.TestSuite
Why aren't the error messages being squashed when I apply the proguard-rules.pro file?

Related

Android R8 not obfuscating class names

I have been researching this for the past few hours without any luck. Class names are not obfuscated no matter what. These are just regular classes, not Activities, Services, or something else which is also in Android Manifest (I know those don't get obfuscated). What am I missing here?
Android Gradle Plugin version: 4.0.0
Gradle version: 6.1.1
Android Studio version: 4.0
With these versions, R8 should be enabled by default. Here is my buildType config:
buildTypes {
release {
//useProguard false // even tried this without luck
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
}
Here is my proguard-rules.pro
-ignorewarnings
# --- Glide ---
-keep public class * implements com.bumptech.glide.module.GlideModule
-keep public class * extends com.bumptech.glide.module.AppGlideModule
-keep public enum com.bumptech.glide.load.ImageHeaderParser$** {
**[] $VALUES;
public *;
}
# --- Billing library ---
-keep class com.android.vending.billing.**
# --- Retrofit2 ---
# Retrofit does reflection on generic parameters. InnerClasses is required to use Signature and
# EnclosingMethod is required to use InnerClasses.
-keepattributes Signature, InnerClasses, EnclosingMethod
# Retrofit does reflection on method and parameter annotations.
-keepattributes RuntimeVisibleAnnotations, RuntimeVisibleParameterAnnotations
# Retain service method parameters when optimizing.
-keepclassmembers,allowshrinking,allowobfuscation interface * {
#retrofit2.http.* <methods>;
}
# Ignore annotation used for build tooling.
-dontwarn org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement
# Animal Sniffer compileOnly dependency to ensure APIs are compatible with older versions of Java.
-dontwarn org.codehaus.mojo.animal_sniffer.*
# Ignore JSR 305 annotations for embedding nullability information.
-dontwarn javax.annotation.**
# With R8 full mode, it sees no subtypes of Retrofit interfaces since they are created with a Proxy
# and replaces all potential values with null. Explicitly keeping the interfaces prevents this.
-if interface * { #retrofit2.http.* <methods>; }
-keep,allowobfuscation interface <1>
# --- TwitterKit ---
#Picasso Proguard Config https://github.com/square/picasso
-dontwarn com.squareup.okhttp.**
# --- GSON ---
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature
# For using GSON #Expose annotation
-keepattributes *Annotation*
# Gson specific classes
-dontwarn sun.misc.**
#-keep class com.google.gson.stream.** { *; }
# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { <fields>; }
# Prevent proguard from stripping interface information from TypeAdapter, TypeAdapterFactory,
# JsonSerializer, JsonDeserializer instances (so they can be used in #JsonAdapter)
-keep class * implements com.google.gson.TypeAdapter
-keep class * implements com.google.gson.TypeAdapterFactory
-keep class * implements com.google.gson.JsonSerializer
-keep class * implements com.google.gson.JsonDeserializer
# Prevent R8 from leaving Data object members always null
-keepclassmembers,allowobfuscation class * {
#com.google.gson.annotations.SerializedName <fields>;
}
# --- SciChart ---
# ignore warnings and save classes required for syntax highlighting
-dontwarn java.awt.**
-dontwarn javax.swing.**
-dontwarn syntaxhighlight.**
-keep public class java.awt.** { *; }
-keep public class javax.swing.** { *; }
-keep public class syntaxhighlight.** { *; }
-keep public class prettify.** { *; }
# need to keep these classes and their methods because they are used by resampling code
-keep public class com.scichart.core.model.DoubleValues { *; }
-keep public class com.scichart.core.model.FloatValues { *; }
-keep public class com.scichart.core.model.IntegerValues { *; }
-keep public class com.scichart.data.model.Point2DSeries { *; }
# repack obfuscated classes into single package so it would be hard to find their originall package
-repackageclasses ''
-allowaccessmodification
Similar questions which I checked but didn't offer any solutions to this:
Android studio 3.4.2 R8 obfuscator does not obfuscate class names, but only java code inside
Class no longer obfuscated after upgrading to Android Gradle plugin 3.4.0
Android/java: Transition / Migration from ProGuard to R8?
As per WorkManager's proguard file, it is expected that all classes that extend ListenableWorker (and its subclasses, such as Worker) are kept. This is because the name of the class is the unique key in WorkManager's internal database.

Android app crashes in Release but not in Debug NullPointerException

I recently changed 2 lines of code as a workaround due to changes to the data being returned from an API I'm using. Now the app is crashing when using the release apk and aab. However, when I'm using the app through the Android Emulator on API 27 and connecting an API 27 device to my computer running the debug apk, the app works flawlessly.
I'm really stumped on this problem, and do not understand the error messages at all.
FATAL EXCEPTION: main
Process: com.guy.aqi, PID: 8328
java.lang.NullPointerException: throw with null exception
at com.guy.aqi.n.a(Unknown Source:3)
at com.guy.aqi.m.b(CurrentAirQualityFragment.java:8)
at com.guy.aqi.m.b(CurrentAirQualityFragment.java:6)
at com.guy.aqi.d.a(Unknown Source:4)
at b.a.a.a.m.c(StringRequest.java:4)
at b.a.a.a.m.a(StringRequest.java:1)
at b.a.a.h$a.run(ExecutorDelivery.java:4)
at android.os.Handler.handleCallback(Handler.java:790)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:164)
at android.app.ActivityThread.main(ActivityThread.java:6494)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:807)
My API stopped sending the "main pollutant" String, so I changed this line:
textViewMainPollutantUS.setText("U.S. Main Pollutant: " decodePollutant(mainPollutantUS));
to
textViewMainPollutantUS.setText("");
and this line:
textViewMainPollutantCN.setText("China Main Pollutant: " decodePollutant(mainPollutantCN));
to
textViewMainPollutantCN.setText("");
I expected changing these lines would fix the issue. But now the issue seems to be fixed in debug version of the app, but not the release version.
proguard-rules.pro
# Add project specific ProGuard rules here.
# You can control the set of applied configuration files using the
# proguardFiles setting in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
# Uncomment this to preserve the line number information for
# debugging stack traces.
#-keepattributes SourceFile,LineNumberTable
# If you keep the line number information, uncomment this to
# hide the original source file name.
#-renamesourcefileattribute SourceFile
# JSR 305 annotations are for embedding nullability information.
-dontwarn javax.annotation.**
# A resource is loaded with a relative path so the package of this class must be preserved.
-keepnames class okhttp3.internal.publicsuffix.PublicSuffixDatabase
# Animal Sniffer compileOnly dependency to ensure APIs are compatible with older versions of Java.
-dontwarn org.codehaus.mojo.animal_sniffer.*
# OkHttp platform used only on JVM and when Conscrypt dependency is available.
-dontwarn okhttp3.internal.platform.ConscryptPlatform
# Prevent Proguard from inlining methods that are intentionally extracted to ensure locals have a
# constrained liveness scope by the GC. This is needed to avoid keeping previous request references
# alive for an indeterminate amount of time. See also https://github.com/google/volley/issues/114
-keepclassmembers,allowshrinking,allowobfuscation class com.android.volley.NetworkDispatcher {
void processRequest();
}
-keepclassmembers,allowshrinking,allowobfuscation class com.android.volley.CacheDispatcher {
void processRequest();
}
##---------------Begin: proguard configuration for Gson ----------
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature
# For using GSON #Expose annotation
-keepattributes *Annotation*
# Gson specific classes
-dontwarn sun.misc.**
#-keep class com.google.gson.stream.** { *; }
# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { *; }
# Prevent proguard from stripping interface information from TypeAdapterFactory,
# JsonSerializer, JsonDeserializer instances (so they can be used in #JsonAdapter)
-keep class * implements com.google.gson.TypeAdapterFactory
-keep class * implements com.google.gson.JsonSerializer
-keep class * implements com.google.gson.JsonDeserializer
##---------------End: proguard configuration for Gson ----------
-keep class com.crashlytics.** { *; }
-keepattributes SourceFile,LineNumberTable
For me, adding lines (you may have other name for package where you put your POJO files):
-keep class [mypackagename].model.** { *; }
-keep class [mypackagename].datamodel.** { *; }
to proguard.rules worked perfectly, then options:
android
{
...
buildTypes {
release {
minifyEnabled true
shrinkResources true
}
}
}
are set in build.gradle (Module: app)
Edit:-
Replace this
minifyEnabled true
to
minifyEnabled false

Android minifyEnabled gives error for retrofit

I am trying to generate a signed APK with minifyEnabled set to true in Gradle:
buildTypes {
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
and added these to my proguard file:
-dontwarn okio.**
-dontwarn retrofit.**
but I get these errors:
Information:Gradle tasks [:app:assembleRelease]
Warning:retrofit2.Platform$Java8: can't find referenced method 'boolean isDefault()' in library class java.lang.reflect.Method
Warning:retrofit2.Platform$Java8: can't find referenced class java.lang.invoke.MethodHandles$Lookup
Warning:retrofit2.Platform$Java8: can't find referenced class java.lang.invoke.MethodHandle
Warning:retrofit2.Platform$Java8: can't find referenced class java.lang.invoke.MethodHandles
Warning:retrofit2.Platform$Java8: can't find referenced class java.lang.invoke.MethodHandle
Warning:retrofit2.Platform$Java8: can't find referenced class java.lang.invoke.MethodHandles$Lookup
Warning:retrofit2.Platform$Java8: can't find referenced class org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement
Warning:there were 8 unresolved references to classes or interfaces.
Warning:there were 1 unresolved references to library class members.
Warning:Exception while processing task java.io.IOException: Please correct the above warnings first.
Error:Execution failed for task ':app:transformClassesAndResourcesWithProguardForRelease'.
> java.io.IOException: Please correct the above warnings first.
Information:BUILD FAILED
and can't build the apk file. We can't have minifyEnabled as true and use retrofit library? how can this be fixed?
You can have minifyEnabled as true and use any number of libraries. Just one thing to make note of its to add the proguard rules of every library in the proguard-rules.pro file. Check retrofits proguard handling here.
Lastly adding a proguard-rules.pro for your reference this is for the project im handling. (You might also need to notify proguard to exclude your POJO classes. Check example)
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in /Users/yogeshmalpani/Library/Android/sdk/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the proguardFiles
# directive in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
-dontwarn com.squareup.okhttp.**
-keep class com.pushwoosh.** { *; }
-keep class com.arellomobile.** { *; }
-dontwarn com.pushwoosh.**
-dontwarn com.arellomobile.**
-dontwarn butterknife.internal.**
-keep class **$$ViewInjector { *; }
-keepnames class * { #butterknife.InjectView *;}
-keepattributes *Annotation*,EnclosingMethod,Signature,SourceFile,LineNumberTable
-keepnames class com.fasterxml.jackson.** { *; }
-dontwarn com.fasterxml.jackson.databind.**
-keep class org.codehaus.** { *; }
-keepclassmembers public final enum org.codehaus.jackson.annotate.JsonAutoDetect$Visibility {
public static final org.codehaus.jackson.annotate.JsonAutoDetect$Visibility *; }
# My POJO class directory
-keep public class com.app_name.model.pojo.** {
public void set*(***);
public *** get*();
public protected private *;
}
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
I think you are using retrofit 2,
-dontwarn okio.**
-dontwarn retrofit2.**
-keep class retrofit2.** { *; }
-keepattributes Signature
-keepattributes Exceptions

Android Studio Gradle proguard - only obfuscate the actual app code and not third libraries

Since I decompiled my app I noticed that all the members, classes are easy to read and understand, so my goal is to make it harder for someone who decompiles the app, to read the code.
The first step I did was to alter my graddle file:
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-myapp.txt'
}
The file proguard-myapp.txt is located in my project.
My project uses the following:
dependencies {
compile 'com.android.support:support-v4:24.2.1'
compile 'com.android.support:design:24.2.1'
compile 'com.google.code.gson:gson:2.4'
compile 'com.android.support:appcompat-v7:24.2.1'
compile 'com.google.android.gms:play-services-ads:9.2.1'
compile 'com.github.lecho:hellocharts-library:1.5.8#aar'
compile('com.crashlytics.sdk.android:crashlytics:2.6.1#aar') {
transitive = true;
}
}
I've kept playing with proguard rules but the more I test the more it gets out of hand.
I've added the following rules:
-dontshrink
-dontoptimize
#charts
-keep class lecho.lib.hellocharts.** { *; }
#support library
-dontwarn android.support.**
-keep class android.support.** { *; }
#ads
-keep public class com.google.android.gms.ads.** {
public *;
}
-keep public class com.google.ads.** {
public *;
}
#gson
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature
# For using GSON #Expose annotation
-keepattributes *Annotation*
# Gson specific classes
-keep class sun.misc.Unsafe { *; }
#-keep class com.google.gson.stream.** { *; }
# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { *; }
# Prevent proguard from stripping interface information from TypeAdapterFactory,
# JsonSerializer, JsonDeserializer instances (so they can be used in #JsonAdapter)
-keep class * implements com.google.gson.TypeAdapterFactory
-keep class * implements com.google.gson.JsonSerializer
-keep class * implements com.google.gson.JsonDeserializer
#Crashlytics
-keep class com.crashlytics.** { *; }
-dontwarn com.crashlytics.**
-keep class io.fabric.sdk.** { *; }
My questions are:
Is it possible to only obfuscate/optimize or whatever it is called, only the files that I actually use in the app, the ones I wrote and leave all the other libraries as they are? I mean, only rename, optimize my classes and my files and ignore crashlytics, admob, support library?
2.I have tried adding as rules only:
-keep class !com.mypackage.**{*;}
While the code looks fine on decompile, the app does not work properly.
This may not seem as a proper answer but I found out the reason my compiled app did not work.
After a lot of trying to find out what's wrong, I finally got it working.
GSON as it seems in this answer https://stackoverflow.com/a/30982197/379865 needs to have the classes kept in order to properly work.
After keeping my classes for the objects related to Gson, it works.

Proguard obfuscating does not work

I'm trying to obfuscate my package names including that one of my used libraries.
I use this build config in my gradle file:
buildTypes {
debug {
versionNameSuffix "-Development"
debuggable true
runProguard true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
#...
This is my proguard file:
# Butterknife
-dontwarn butterknife.internal.**
-keep class **$$ViewInjector { *; }
-keepnames class * { #butterknife.InjectView *;}
# OrmLite uses reflection
-keepclassmembers class com.j256.** { *; }
-keep class my.package.name.database.** { *; }
-keep class com.j256.**
#test
-repackageclasses 'qqq1'
-flattenpackagehierarchy 'qqq2'
-allowaccessmodification
-forceprocessing
I'm using this command for dumping all the dexed classes:
7z x -aoa my.apk classes.dex && dexdump classes.dex | grep "Class desc" | less
And I still see all full package names if I just grep for "qqq" I get no results so it seems that both rules repackageclasses and flattenpackagehierarchy seems to be ignored (I also tested to use only one of that lines). Any idea what I missed?
For library modules, it seems that the build system add "-keeppackagenames" by default which will lead to the package names not be obfuscated.
You can try using this WORKAROUND:
Add "-keeppackagenames !**" to disable -keeppackagenames being injected by the build system.
Via: https://code.google.com/p/android/issues/detail?id=67587
Wow this took long to fix. The butterknife rules broke everything. My solution was to grep that one from the homepage and how everything works as expected.
Here are the fixed rules:
# Butterknife
-keep class butterknife.** { *; }
-dontwarn butterknife.internal.**
-keep class **$$ViewBinder { *; }
-keepclasseswithmembernames class * {
#butterknife.* <fields>;
}
-keepclasseswithmembernames class * {
#butterknife.* <methods>;
}
# OrmLite uses reflection
-keepclassmembers class com.j256.** { *; }
-keep class my.package.name.database.** { *; }
-keep class com.j256.**
#test
-repackageclasses 'qqq1'
-flattenpackagehierarchy 'qqq2'
-allowaccessmodification
-forceprocessing

Categories

Resources