My Project has few classes that extends Parcelable.
Do I need to 'keep' them in proguard rules while obfuscating.
What is the general practice for parcelables?
No, the default android rules include this:
-keepclassmembers class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator CREATOR;
}
These default rules will be applied if you leave the default generated gradle definition in place:
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
If you are using Kotlin #Parcelize with proguard you can add this to proguard-rules.pro:
-keep #kotlinx.android.parcel.Parcelize public class *
Related
After minifyEnabled true in build.gradle
Like below
buildTypes {
release {
debuggable false
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
debug {
debuggable true
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
When i make api call while minifyEnabled true i got success but some Parameters value change which is different from expected value.
And
When i make api call while **minifyEnabled false ** i got actual value which comes from back-end side.
(i.e.) i got isValidUser parameter in api response which is boolean
actual value is isValidUser=true which is expected but i got isValidUser=false.
help me what is the problem with my build.gradle file?
Please specify exactly what part is not working, but generally its from the models, so exclude them in the rules file as:
# Models
-keepclassmembers class com.example.models.** {*;}
# GSON
-keepattributes Signature
-keepattributes *Annotation*
-dontwarn sun.misc.**
-keep class com.google.gson.examples.android.model.** { *; }
-keep class * implements com.google.gson.TypeAdapterFactory
-keep class * implements com.google.gson.JsonSerializer
-keep class * implements com.google.gson.JsonDeserializer
with the help of Payam Kokabi,
issue is solved minifyEnabled true is will not change the value when we declare
-keep class YOUR CLASS ** { *; }
in your proguard-rules.pro file.
#Arbaz.in if you use #SerializedName and keep Gson you wouldnt need to keep your classes althought in some rare cases you need to do both
you can use these proguard rules for your GSON it should work:
GSON Proguard
I have an AAR (library) project in Android Studio, to make a library we license. I need to obfuscate the library we release to make it difficult for people to decompile. But I can't seem to get the ProGuard to work. When I unzip the AAR and then the "classes.jar" underneath, all the class names are still there as well as the variables. I'm very weak at ProGuard usage, so wondering if the community can help. I have an extremely basic ProGuard file, one that was generated when Android Studio created the template for the project:
-printmapping out.map
-keepparameternames
-renamesourcefileattribute SourceFile
# -keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,EnclosingMethod
-keepattributes Exceptions
# Preserve all annotations.
-keepattributes *Annotation*
# Preserve all public classes, and their public and protected fields and methods
-keep public class * {
public protected *;
}
probably it's too late but it could be helpful for anyone else.
I'm using this configuration and variables names are encrypted as well as parameters varialbes
-renamesourcefileattribute SourceFile
-keepattributes Exceptions
-keepattributes *Annotation*
-keep public class * {
public protected *;
}
I'm also using this configuration in the build types so it's not debuggable
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
debuggable false
jniDebuggable false
zipAlignEnabled true
}
}
Let me know if it solved your problem or if you found a better solution!
-keep,allowoptimization,allowobfuscation public class yourpackage.**
I'm trying to obfuscate my code using ProGuard, but I still get error even using default proguard-rules.txt:
I really could not find anything about this. Since I'm new to ProGuard, can you help me solving this issue?
My gradle.build file is the following:
buildTypes {
release {
debuggable false
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
}
debug {
debuggable true
minifyEnabled false
shrinkResources false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
}
}
And the proguard-rules.txt:
# This is a configuration file for ProGuard.
# http://proguard.sourceforge.net/index.html#manual/usage.html
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-verbose
# Optimization is turned off by default. Dex does not like code run
# through the ProGuard optimize and preverify steps (and performs some
# of these optimizations on its own).
-dontoptimize
-dontpreverify
# Note that if you want to enable optimization, you cannot just
# include optimization flags in your own project configuration file;
# instead you will need to point to the
# "proguard-android-optimize.txt" file instead of this one from your
# project.properties file.
-keepattributes *Annotation*
-keep public class com.google.vending.licensing.ILicensingService
-keep public class com.android.vending.licensing.ILicensingService
# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native
-keepclasseswithmembernames class * {
native <methods>;
}
# keep setters in Views so that animations can still work.
# see http://proguard.sourceforge.net/manual/examples.html#beans
-keepclassmembers public class * extends android.view.View {
void set*(***);
*** get*();
}
# We want to keep methods in Activity that could be used in the XML attribute onClick
-keepclassmembers class * extends android.app.Activity {
public void *(android.view.View);
}
# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keepclassmembers class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator CREATOR;
}
-keepclassmembers class **.R$* {
public static <fields>;
}
# The support library contains references to newer platform versions.
# Don't warn about those in case this app is linking against an older
# platform version. We know about them, and they are safe.
-dontwarn android.support.**
# Understand the #Keep support annotation.
-keep class android.support.annotation.Keep
-keep #android.support.annotation.Keep class * {*;}
-keepclasseswithmembers class * {
#android.support.annotation.Keep <methods>;
}
-keepclasseswithmembers class * {
#android.support.annotation.Keep <fields>;
}
-keepclasseswithmembers class * {
#android.support.annotation.Keep <init>(...);
}
I always use *.pro for proguard files. Try to change *.txt to *.pro.
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
Looking at the logs pointed me to the right direction.
The problem was a silent error in XML layout, in fact I had a button with android:onClick="" attribute and the argument was empty.
I think ProGuard generated a method with empty method name and this caused the problem.
I have Develop one Android AAR Library which consist of all functionality that customer required, I want to apply proguard on library before deliver it to the customer in order to obfuscate the code so that code will not easy to decompile.
I googled it before posting this question and I found that Library projects by themselves don't run ProGuard, so they don't use any configuration, as mention here Click Here
I have done following configuration in order to apply proguard on my library project.
buildTypes {
debug {
shrinkResources false
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
release {
shrinkResources true
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
I have applied this rules on proguard-rules.pro
-keepparameternames
-renamesourcefileattribute SourceFile
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
-keep public class * {
public protected *;
}
-keepclassmembernames class * {
java.lang.Class class$(java.lang.String);
java.lang.Class class$(java.lang.String, boolean);
}
-keepclasseswithmembernames class * {
native <methods>;
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
but after using this aar on my demo project the library get used properly but the code is not hidden it just get visible after decompiled in android studio as we decompile method just by holding ctrl and click on that method, all containt of method just get visible without any proguard rules applied on that library.
Please suggest me relevant way or tell me what wrong steps I am taking as I am new to android.
AAR modules can be indeed obfuscated.
Add consumerProguardFiles 'proguard-rules.pro' to your AAR build.gradle configuration along with proguardFiles, so that if the app/module that's using the AAR runs ProGuard, your configuration (i.e. any excludes for public API that shouldn't be minified) will be honoured.
Android libraries (aar-files) are not obfuscated at all. The minifyEnabled option is ignored in com.android.library-projects. So everyone can easily decompile the code contained in an aar-file.
As I know there are some classes which should not be obfuscated and also their names must persisted like 'Activities'. However I want other classes and packages inside my code be renamed.
here is build.gradle inside app folder:
apply plugin: 'com.android.application'
android {
compileSdkVersion 23
buildToolsVersion "23.0.3"
defaultConfig {
applicationId "apt.eve.good.morning"
minSdkVersion 14
targetSdkVersion 23
versionCode 1
versionName "1.0"
}
buildTypes {
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}
dependencies {
compile fileTree(include: ['*.jar'], dir: 'libs')
testCompile 'junit:junit:4.12'
compile 'com.android.support:support-v4:23.4.0'
compile 'com.android.support:appcompat-v7:23.4.0'
compile 'com.android.support:design:23.4.0'
}
I use this proguard configuration for my application (app\proguard-rules.pro):
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-useuniqueclassmembernames
-verbose
-keepattributes *Annotation*
-keep public class com.google.vending.licensing.ILicensingService
-keep public class com.android.vending.licensing.ILicensingService
# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native
-keepclasseswithmembernames class * {
native <methods>;
}
# keep setters in Views so that animations can still work.
# see http://proguard.sourceforge.net/manual/examples.html#beans
-keepclassmembers public class * extends android.view.View {
void set*(***);
*** get*();
}
-allowobfuscations class *
# We want to keep methods in Activity that could be used in the XML attribute onClick
-keepclassmembers class * extends android.app.Activity {
public void *(android.view.View);
}
# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keepclassmembers class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator CREATOR;
}
-keepclassmembers class **.R$* {
public static <fields>;
}
# The support library contains references to newer platform versions.
# Don't warn about those in case this app is linking against an older
# platform version. We know about them, and they are safe.
-dontwarn android.support.**
# Understand the #Keep support annotation.
-keep class android.support.annotation.Keep
-keep #android.support.annotation.Keep class * {*;}
-keepclasseswithmembers class * {
#android.support.annotation.Keep <methods>;
}
-keepclasseswithmembers class * {
#android.support.annotation.Keep <fields>;
}
-keepclasseswithmembers class * {
#android.support.annotation.Keep <init>(...);
}
It do optimization but as I checked inside my classses.dex all class names remained unchanged. So I want to know what I missed in my configuration file which is not obfuscating class/method names?
P.S.1 I have searched several questions but I can't imagine what's wrong here.
P.S.2 I have properly configured my android studio and changes on proguard configuration applies without no problem on my released .apk file.
Make sure you check the obfuscated .dex files.
With common gradle build script the build/** folders may contain several unobfuscated versions of .dex/.class files.
Ultimately the resulting .apk/.aar should be obfuscated, so if you are unzipping that one, and the the classes are not obfuscated, then something doesn't work as expected.
As OP noted, it's also important to verify your [disassembly] tools work correctly.
Viewing binary form of .dex from .apk is usually enough to spot [un]obfuscated symbols (try with unobfuscated .class, the symbols are easily readable even in text editor, in obfuscated .dex the chain of symbols like "aa", "ab", ... is often well visible too).
Also running gradle proguard task manually with verbose option on may help to identify if the proguard was run and upon what files.
Based on your gradle file (minifyEnabled=true) and proguard config. You appear to be in good shape already.
To quickly confirm that your app obfuscating your classes, check the resulting mapping.txt file when you make release builds. This file "provides a translation between the original and obfuscated class, method, and field names."
Here is an example of a mapping.txt that obsfucates a hockeyapp library :
net.hockeyapp.android.tasks.AttachmentDownloader -> net.hockeyapp.android.d.a:
java.util.Queue queue -> a
boolean downloadRunning -> b
67:67:net.hockeyapp.android.tasks.AttachmentDownloader getInstance() -> a
Lots more info can be found in the "Shrink Your Code and Resources" article here : https://developer.android.com/studio/build/shrink-code.html
Do you already changed
minifyEnabled=true
Inside app -> build.gradle?
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}