I have an Android Studio project in which I build an SDK and export it to Jcenter so that clients will be able to use my SDK in their own project by adding 1 line of "compile.. " to their build.gradle.
So far everything went well but I do have one problem, my clients can see all of the SDK code from their project. I'm trying to understand what will be the best way to hide my implementation without breaking anything. Obviously proguard will probably be involved in the solution, however to my surprise I haven't seen any "best practice" solution to achieve what I want.
Any thoughts?
At first, a library on the public jCenter repository provided by Bintray is OSS (Open Source Sofware).
This is what I've done to protect my code :
1. All the code is obfuscated with Proguard. There are some rules on very specific classes so the library work correctly.
2. My organization have subscribed to the Professional plan on Bintray witch allow us to not have a OSS library. See pricing. Doing this, the developer will need to add your bintray repo and after the dependencies. If you prefer, I guess you could do as Fabric/Twitter to have your own code repositories using maven, and host your library yourself.
Don't forget that a class file can always be Decompiled so you cannot really prevent this.
As a personnal note, If your planning to earn money with your library, maybe think about an OSS library and a prenium server side service like Parse.com where the client library is OSS.
Related
I have created an Android library for customer, which is stored in private repository (it can be Github or Bitbucket, does not matter). And now this library should be published to mavenCentral for future use by other programmers. And there are two important requirements:
Code of library must be in private repository, other programmers, which will use it, will not be able to download repo.
Code of library must be obfuscated, programmers, which will use it, will be able to use methods, but will NOT be able to see code of that methods.
Programmers will be able to implement library via gradle, as usual
How can I make this? I found many tutorials for mavenCentral, but all of them was only for public repos.
I am kind of facing some similar issue. However, I liked the idea in this link below:
https://medium.com/student-beans/publishing-a-library-as-a-aar-package-55ed725fa638
Create .aar file -> Create new repo -> Upload your .aar file to Github directly -> Create release version -> Distribute using Jitpack.
This way people can directly use your library without having to see the implementation.
Suggestion: If you want it to be more secure, I would recommend creating a separate account for AAR distribution. Make the AAR repo private and distribute Github token to your partner companies only. (This is just a suggestion and I have not yet tested it)
Update: Please follow the below tutorial as the above reference is not fully working.
https://www.talentica.com/blogs/publish-your-android-library-on-jitpack-for-better-reachability/
Take the jitpack.yml file from the first article and add it to your GitHub project along with the 3 generated files from the above tutorial.
Some options to host private maven repos are Sonatype Nexus or Jfrog both of which offer free options as well as paid enterprise plans depending on your requirements.
There are a lot of online tutorials on how to upload private repos to these solutions. For example this blog post covering nexus setup.
1.you can use private repo like https://mymavenrepo.com/ and enable
Read: HTTP Basic Auth
2.All parts of the code except library Api can be obfuscated
3.Depending on the repo you use, it is possible
I hope it is useful
So I am starting to work on some open source libraries that is out there, mainly I have found bugs with the library using my specific project. As far as I know the Gradle library dependency is cached somewhere and not accessible.
What I would like to do is be able to create a branch for the fix and test in my project. Is there efficient way of doing this or do I need to comment out my gradle dependency and do a manual import of the library and do the fix?
I think that project is available on GitHub? You have 2 options then:
Open a issue at the project and describe your problems. Maybe the author will fix them himself
Fork the Project. You can work on your own on it then and make a Pull Request later if you want to.
You can of course download the source code and modify it yourself locally too, but that's not the purpose of Open Source Projects I think :)
I'm a beginner in Android programing, and I'm working with android studio...now i wander what is the best way for installing open sources libraries from gitHub.
my question is from organization principles point of view-
should i create a new package for every library and put all the library source code as is in that package? should the package be in the source.main.java folder?? (the one that the android studio creates automaticly).
sorry for the dumb question...it's just that im taking my first baby steps in a big scale program and i don't want to loose my head in the future because of bad organization practices.
There's no right answer to this question. A few wrong ways to do it, but common sense will guide you.
My advice:
Start by having the source of this open source code checked into your company's source control system somewhere and capable of being built or re-built as needed. Not necessarily in your project, but just getting the code checked in so it can't be lost or confused with the original author's ever evolving changes on GitHub.
As to how you consume it, you have several options.
Build the open source in it's own project (checked into source control, but separate from your main project). Then just take the drop of compiled files (.class, .jar, .lib, etc...) and check that into your main project. This is the most flexible option if you don't think you are ever going to need to change the open source code that often. Has the side benefit of being managed for several projects.
Drop the source code as-is directly into your project. This means you will always be rebuilding the code. This gives the most flexibility with evolving and changing the the code specific to your project needs.
There's probably hybrid solutions of these options as well.
The bottom line is that whatever you use needs to be copied and building in your own system. Because the code you pulled down from GitHub could go away or change significantly at any time.
A simple solution would be to use JitPack to import those GitHub projects into your gradle build.
First you need to add the repository:
repositories {
maven { url "https://jitpack.io" }
}
and then all the GitHub repositories as dependencies:
dependencies {
compile 'com.github.RepoOwner:Repo:Version'
// more dependencies...
}
Behind the scenes JitPack will check out the code and compile it.
I think you are looking for this. If you are using eclipse, you should check this
If you are looking for adding jar file to your lib, you can simply create a lib folder in your project and add jar file into the library and you must add the line compile files('jarfile.jar') in the build file(gradle build). If you are using eclipse you can follow this
By the way, creating a package for each library and putting all library source codes doesn't look sane to me. It is almost equivalent to recreating the project. I'm sure that it is not the proper approach.
If the third-party code is packaged as a .jar or a .aar and made available in public-facing maven repository (e.g. maven central), then you should add the library as a dependency in your build.gradle file.
If it is not available as a maven/gradle dependency, you could add the library's code to your project as suggested in other answers here. I have never liked that solution at all.
You could also build the .jar or .aar and add that to your project's lib directory, as also suggested by other answers here. For a small, simple project with few dependencies, that might make sense.
What I like to do for larger, longer-lived projects, is to set up my own Nexus server (a Maven repo server), and put the third-party dependencies there.
I would like built a closed source android library using the Gradle. My library has some dependencies to open source projects. How should I structure my library? Can I use gradle?
Can I use gradle?
Short answer:
Yes.
Long answer:
I would assume that your library is packaged as aar (contains resources and compiled bytecode).
First thing you need to know is that at the moment of writing this post there is no way to create fat-aar libraries, which means that you'll have to distribute dependencies of your library separately. The most convenient way to do that, in my opinion, is to generate pom.xml file and publish your library on Maven repository (maven plugin can do all of that), so clients will just fetch all dependencies themselves. Since it is a "private" library, that could be your company's closed repo by access rights (in simple words - create special user for your repo and share password with interested parties).
One downside here is that all dependencies will be exposed in pom.xml and you won't be able to obfuscate them. Personally, I don't think that this is an issue.
Moreover, you get the huge advantage of being able to deploy build automatically and let clients use snapshot versions of the library. This is extremely helpful when you're trying to fix issues and want to deliver them to users fast. On client's side, all they need to do is either just update version in their build.gradle or just re-sync project in case if they were using snapshot.
Second thing. Since your library is closed source, you need to run proguard to obfuscate everything but public interface of your library (all public methods which are exposed to end user).
Remember, that even after obfuscation your code still can be decompiled and all string literals are still there. So, although it was said million times already, avoid storing any critical data in the library (such as passwords, keys, etc.). It is not as hard to extract it as you might think it is: https://www.youtube.com/watch?v=X28Oogg2Q3k
Third thing. I highly suggest you to create internal test project (as a gradle submodule) which will use your library, so you will be sure that you're not making any breaking changes.
Hopefully this answer made things at least a bit easier for you.
As you can see from my passed 3 questions I am having major problems with my project setup. I am getting lots of very specific errors that seems like nobody can answer them. I am getting hugely frustrated. So I am going to try a fresh approach. I will describe how I would like my project set up and if somebody could give me some brief steps to follow I would be very grateful. After messing around with this for around a week I believe I have some knowledge but maven seems to be incredibly difficult to understand.
I am writing a library which will be used in 2 projects. The major libraries I would like to use are roboguice, robolectric and jackson(json library). I would like to have a way to test the library but I am unsure if this should be in a different module or not. Robolectric seems to suggest it should be in the same module. I am unsure how I should use this library in the other 2 projects. I have been looking at this http://code.google.com/p/maven-android-plugin/wiki/ApkLib but unfortunately the website tells me next to nothing about how I should create the apklib.
If it is possible I would also like the other 2 projects to have a dependency on that library and build it automatically.
I have been using this site to create the maven project http://stand.spree.de/wiki_details_maven_archetypes
But I have been running into issue after issue. If anybody can point me in the right direction I will be very appreicative
Even if maven is (almost) a foreign country to me, I had some moderate success setting up a maven project and interacting with it using intellij. I wanted to use it because it looked the easiest way to have robolectric working with intellij.
I wrote a blogpost you can find here
What you need is:
Maven android sdk deployer https://github.com/mosabua/maven-android-sdk-deployer
Maven android plugin http://code.google.com/p/maven-android-plugin/wiki/GettingStarted (using android archetypes is just fine)
If you want to build an apk lib instead of an apk, just specify apklib in the packaging tag
PS: I also saw this a while ago, but never gave it a try.