If I build my app in debug it works perfectly. However, when I build for release with proguard, I get several errors and then the build fails. The error summary:
Warning:there were 445 unresolved references to classes or interfaces.
Warning:there were 13 instances of library classes depending on program classes.
I modified my proguard-rules.txt file as shown below. This allowed the build to succeed, but when I install the app, the amazon downloads do not work (works in the debug version).
-keep class org.xmlpull.v1.**
-keep class org.apache.http.**
-keep class org.ietf.jgss.**
-keep class com.amazonaws.services.**
-keep class org.w3c.dom.bootstrap.**
-dontwarn org.xmlpull.v1.**
-dontwarn org.apache.http.**
-dontwarn org.ietf.jgss.**
-dontwarn com.amazonaws.services.**
-dontwarn org.w3c.dom.bootstrap.**
Any suggestions as to how I can get this fixed please?
Update:
Have narrowed it down to a GSON/JSONPARSER issue. For the release version, JSONPARSER does not convert downloaded json to a supplied class like it does in debug. The GSON proguard rules (see update 2 ) have also been added but the issue persists.
-keep class org.apache.commons.logging.** { *; }
-keep class com.amazonaws.services.sqs.QueueUrlHandler { *; }
-keep class com.amazonaws.javax.xml.transform.sax.* { public *; }
-keep class com.amazonaws.javax.xml.stream.** { *; }
-keep class com.amazonaws.services.**.model.*Exception* { *; }
-keep class com.amazonaws.internal.** { *; }
-keep class org.codehaus.** { *; }
-keep class org.joda.convert.* { *; }
-keepattributes Signature,*Annotation*,EnclosingMethod
-keepnames class com.fasterxml.jackson.** { *; }
-keepnames class com.amazonaws.** { *; }
-dontwarn com.amazonaws.auth.policy.conditions.S3ConditionFactory
-dontwarn org.joda.time.**
-dontwarn com.fasterxml.jackson.databind.**
-dontwarn javax.xml.stream.events.**
-dontwarn org.codehaus.jackson.**
-dontwarn org.apache.commons.logging.impl.**
-dontwarn org.apache.http.conn.scheme.**
-dontwarn org.apache.http.annotation.**
-dontwarn org.ietf.jgss.**
-dontwarn org.w3c.dom.bootstrap.**
-dontwarn org.xmlpull.v1.**
-dontwarn com.amazonaws.services.**
-libraryjars libs/aws-android-sdk-1.7.1.1-core.jar
-libraryjars libs/aws-android-sdk-1.7.1.1-s3.jar
-libraryjars libs/gson-2.2.4.jar
-libraryjars libs/ksoap2-android-assembly-3.3.0-jar-with-dependencies.jar
Update 2
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature
# For using GSON #Expose annotation
-keepattributes *Annotation*
# Gson specific classes
-keep class sun.misc.Unsafe { *; }
-keep class com.google.gson.stream.** { *; }
# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { *; }
Finally solved. GSON could not convert my JSON into a class using the fromJson method as proguard had obfuscated my class's fields. I had to add for each of my classes used during json deserialization:
-keepclassmembers class fully.qualified.path.to.class$innerclass {
private <fields>;
}
As per usual, no mention of this in the GSON docs. This was a project I took over - I personally have never used GSON and wont do so in future.
A few notes to those facing similar issues:
Always make sure when you use a library to include all the
recommended (by the library - see their web pages) entries in your
proguard-rules.text file.
They have mentioned in the comments in the second last line of update2.
# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { *; }
Change the last line to your actual path inside code to classes that will be serialized. Don't copy paste as it is. Example:
-keep class com.myclass.model.** { *; }
That worked for me.
Related
I'm building an Android app using Android Gradle Plugin 4.1.0 and Gradle 6.5.1. In my build.gradle file the flag minifyEnabled has the value true. This is my proguard-rules.pro file:
#rx
-dontwarn rx.**
-keep class rx.** { *; }
#retrofit / okhttp
-dontwarn retrofit.**
-keep class retrofit.** { *; }
-keep class okio.** { *; }
-keep class com.squareup.okhttp.** { *; }
-keep interface com.squareup.okhttp.** { *; }
-dontwarn com.squareup.okhttp.**
-dontwarn okhttp3.internal.platform.**
-dontwarn okio.**
-dontwarn org.conscrypt.**
#gson
-keepattributes SerializedName
-keep class com.google.gson.** { *; }
-keep class sun.misc.Unsafe { *; }
-keep class * implements com.google.gson.TypeAdapterFactory
-keep class * implements com.google.gson.JsonSerializer
-keep class * implements com.google.gson.JsonDeserializer
-keepclassmembers enum * { *; }
-keepattributes Signature
-keepattributes Exceptions
-keepattributes *Annotation*
-dontwarn javax.annotation.Nullable
-dontwarn javax.annotation.ParametersAreNonnullByDefault
-dontwarn javax.annotation.concurrent.GuardedBy
-dontwarn org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement
#guava
-dontwarn afu.org.checkerframework.checker.formatter.**
-dontwarn afu.org.checkerframework.checker.nullness.**
-dontwarn afu.org.checkerframework.checker.regex.**
-dontwarn afu.org.checkerframework.checker.units.**
-keep class * implements ru.surfstudio.android.network.Transformable
-keep class * implements ru.surfstudio.android.network.response.BaseResponse
-dontwarn com.bumptech.glide.**
#firebase crashlytics
-printmapping mapping.txt
-keepattributes *Annotation*,SourceFile,LineNumberTable
-keep public class * extends java.lang.Exception
-keep class com.google.firebase.crashlytics.** { *; }
-dontwarn com.google.firebase.crashlytics.**
#kotlin-reflect
#https://stackoverflow.com/questions/45871970/kotlin-reflect-proguard-smallsortedmap
-dontwarn kotlin.reflect.jvm.internal.**
#Cashoff javascript interface
-keep class ru.sbi.android.f_analytics.analytics.CashoffInteface { *; }
-dontwarn ru.sbi.android.f_main.R$id
-keep class ru.sbi.android.ui.navigation.MainTabType
#Cross-feature navigation keeps
-keep interface ru.sbi.android.ui.fragment.CrossFeatureFragment {*;}
-keep class * implements ru.sbi.android.ui.fragment.CrossFeatureFragment
#android standard
-keep class ru.surfstudio.android.rx.extension.ConsumerSafe { *; }
-keep class ru.surfstudio.android.rx.extension.ActionSafe { *; }
#AndroidPdfViewer
-keep class com.shockwave.pdfium.util.Size
#firebase
-dontwarn com.google.firebase.messaging.**
#android material
-keep class com.google.android.material.** { *; }
-dontwarn com.google.android.material.**
#Если вы хотите применять новый API Google API для отслеживания инициаторов
-dontwarn com.android.installreferrer.com.android.installreferrer
-ignorewarnings
I see lots of minifyReleaseWithR8 tasks being executed during the build.
But when I'm decompiling the resulting APK using apktool I see that all the package, class, methods names are the same as in my Android Studio. How can I understand why R8 doesn't obfuscate the code?
You have a keep rule for every single class you use in your app. If you have a -keep rule matching a class it will be kept and not obfuscated. For obfuscation to rename items (classes/fields and methods) that either have to not be matched by a keep rule (or matched by a keep rule with modifier allowobfuscation).
Keep rules are only required for items which are looked up through reflection, so you will have to trim down your rules to a much smaller set. I suggest that you start out by an empty proguard-rules.pro and only get what getDefaultProguardFile('proguard-android-optimize.txt') generates (like here). Then your app might not work, but then you can figure out what is going wrong and start adding additional rules. One way to start there is to only keep the classes in you own application package (-keep class ru.sbi.android.** { *; }), as libraries normally does not need keep rules, and then try to trim that further.
Please take a look at Shrink, obfuscate, and optimize your app as well.
I use ProGuard and Joda Time in my Android application (of course, I use a version optimized for Android: https://github.com/dlew/joda-time-android). I ran into the problem that with optimization and obfuscation turned on, I get an error when I try to use PeriodFormat:
java.util.MissingResourceException: can't find resource for bundle java.util.PropertyResourceBundle, key PeriodFormat.space
I compared the contents of the APK when building with and without proguard and saw that the org/joda/time/format directory in the non-optimized version contains 15 properties files, and only 9 in the optimized version. In these files I saw the PeriodFormat.space keys, so leaves no doubt that the exception caused by the loss of these files.
How to configure proguard so that the contents of this directory are transferred to the optimized APK without any optimizations?
I already use the following rules for Joda Time:
-dontwarn org.joda.convert.**
-dontwarn org.joda.time.**
-keep class org.joda.** { *; }
-keep interface org.joda.** { *; }
-keepdirectories org.joda.**
However, they are not enough, because the files still disappear.
java.util.MissingResourceException: can't find resource for bundle
java.util.PropertyResourceBundle, key PeriodFormat.space
Don't
-keep class org.joda.** { *; }
-keep interface org.joda.** { *; }
Do
-keep class org.joda.time.** { *; }
-keep interface org.joda.time.** { *; }
Your proguard will be
-dontwarn org.joda.convert.**
-dontwarn org.joda.time.**
-keep class org.joda.time.** { *; }
-keep interface org.joda.time.** { *; }
Read -keep options.
I have an app that uses retrofit to load data from json file on server. When I run the application on a real device or AVD it loads json to my recyclerview's items and every thing is fine. But when I build an signed APK and then install the app, it doesn't load the json's data like my images urls and ...
# Add project specific ProGuard rules here.
# You can control the set of applied configuration files using the
# proguardFiles setting in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
# Uncomment this to preserve the line number information for
# debugging stack traces.
#-keepattributes SourceFile,LineNumberTable
# If you keep the line number information, uncomment this to
# hide the original source file name.
#-renamesourcefileattribute SourceFile
-dontwarn javax.annotation.**
-dontwarn okhttp3.**
-dontwarn okio.**
-dontwarn javax.annotation.**
-dontwarn org.conscrypt.**
# A resource is loaded with a relative path so the package of this class must be preserved.
-keepnames class okhttp3.internal.publicsuffix.PublicSuffixDatabase
-dontwarn retrofit2.Platform$Java8
# Platform calls Class.forName on types which do not exist on Android to determine platform.
-dontnote retrofit2.Platform
# Platform used when running on Java 8 VMs. Will not be used at runtime.
-dontwarn retrofit2.Platform$Java8
# Retain generic type information for use by reflection by converters and adapters.
-keepattributes Signature
# Retain declared checked exceptions for use by a Proxy instance.
-keepattributes Exceptions
# Retrofit
-keep class com.google.gson.** { *; }
-keep public class com.google.gson.** {public private protected *;}
-keep class com.google.inject.** { *; }
-keep class org.apache.http.** { *; }
-keep class org.apache.james.mime4j.** { *; }
-keep class javax.inject.** { *; }
-keep class javax.xml.stream.** { *; }
-keep class retrofit.** { *; }
-keep class com.google.appengine.** { *; }
-keepattributes *Annotation*
-keepattributes Signature
-dontwarn com.squareup.okhttp.*
-dontwarn rx.**
-dontwarn javax.xml.stream.**
-dontwarn com.google.appengine.**
-dontwarn java.nio.file.**
# Retrofit 2.X
## https://square.github.io/retrofit/ ##
-dontwarn retrofit2.**
-keep class retrofit2.** { *; }
-keepattributes Signature
-keepattributes Exceptions
-keepclasseswithmembers class * {
#retrofit2.http.* <methods>;
}
-keep class io.plaidapp.data.api.dribbble.model.** { *; }
-keep public class android.support.design.widget.BottomNavigationView { *; }
-keep public class android.support.design.internal.BottomNavigationMenuView { *; }
-keep public class android.support.design.internal.BottomNavigationPresenter { *; }
-keep public class android.support.design.internal.BottomNavigationItemView { *; }
While using proguard, you need to keep your model classes used for Retrofit.
Use -keepclass and specify all your model/pojo classes.
-dontwarn retrofit2.**
-keep class retrofit2.** { *; }
-keepattributes Signature
-keepattributes Exceptions
-keepclasseswithmembers class * {
#retrofit2.http.* <methods>;
}
When you're generating your signed application, ProGuard is executing its minification rules against your code. You mention you are using Retrofit. Retrofit's documentation includes ProGuard rules that need to be included in your application as well:
# Platform calls Class.forName on types which do not exist on Android to determine platform.
-dontnote retrofit2.Platform
# Platform used when running on Java 8 VMs. Will not be used at runtime.
-dontwarn retrofit2.Platform$Java8
# Retain generic type information for use by reflection by converters and adapters.
-keepattributes Signature
# Retain declared checked exceptions for use by a Proxy instance.
-keepattributes Exceptions
Additionally, since Retrofit is built on top of Okio, you may need to include Okio proguard rules as well:
-dontwarn okio.**
Set minifyEnabled to false in your build.gradle file.
buildTypes {
release {
minifyEnabled false
I am using IBM's mobilefirst worklight version 6.3 for push notification. Everything works fine when i dont apply proguard.
When i apply proguard and run the build while subscribing for the push notification only i get the following exception.
java.lang.RuntimeException: Failed to find the icon resource. Add the icon file under the /res/drawable folder.
I have the push.png named file in the drawable folder.
Any suggestions on how to handle that on the proguard or is it a worklights bug?
had the same issue with another third party library but it was resolved when i added keep class com.classname.** {*;} i did the same for worklight as well -keep class com.worklight.** {*;} but it is of no use.
below is the proguard configuration that i have used
-keepclassmembers class * {
#android.webkit.JavascriptInterface <methods>;
}
-keep class com.google.gson.Gson
-keep class com.billdesk.** {*;}
-keep public class com.worklight.** {*;}
-dontwarn com.worklight.**
-dontwarn com.auth0.jwt.**
-dontwarn com.squareup.picasso.**
-dontwarn com.viewpagerindicator.**
-dontwarn org.bouncycastle.**
MobileFirst 6.3 does not officially support obfuscation using Proguard.
Even so, an Android project obfuscated using Proguard works fine without issues in most cases.
I am not able to recreate the issue you mention.I tested the MFP 6.3 Eventsource notifications sample after obfuscating with Proguard and the application worked fine. No runtime exceptions were seen.
Android SDK Tools : 25.1.1
Target API Level : 19
Proguard version : 4.7
To begin with:
Ensure that push.png is present in all drawable folders and not just the generic one.
Check the proguard obfusction logs to see if "push.png" is being crunched in all folders and look for error messages.
Modify the proguard configuration to contain-
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keepattributes InnerClasses
-keep class **.R
-keep class **.R$* {
<fields>;
}
-keep class org.apache.cordova.** { *; }
-keep public class * extends org.apache.cordova.CordovaPlugin
-keep class com.worklight.androidgap.push.** { *; }
-keep class com.worklight.wlclient.push.** { *; }
-keep class com.worklight.common.security.AppAuthenticityToken { *; }
-keep class com.google.** { *;}
-dontwarn com.google.common.**
-dontwarn com.google.ads.**
-dontwarn com.worklight.androidgap.push.GCMIntentService
-dontwarn com.worklight.androidgap.plugin.WLInitializationPlugin
-dontwarn com.worklight.wlclient.push.GCMIntentService
-dontwarn org.bouncycastle.**
-dontwarn com.worklight.nativeandroid.common.WLUtils
-dontwarn com.worklight.wlclient.push.WLBroadcastReceiver
-dontwarn com.worklight.wlclient.push.common.*
-dontwarn com.worklight.wlclient.api.WLPush
My android development process is to build and debug my app in eclipse and when I'm ready to publish I produce a signed, obfuscated (with proguard) apk by running "ant release" from the shell.
Is it possible to produce a signed, proguard release from within eclipse? I'm using eclipse indigo on windows with version 13 of the ADK
Yes. Once you enable ProGuard by adding the proguard.config=proguard.cfg entry to project.properties, Eclipse will obfuscate your code when you export an signed package. Details here.
BTW, you should upgrade to the latest ADT (15).
Use this in proguard files of yours you can able to make obfuscated build after enabling proguard in release/debug build.
Lakshay Proguard-Files entry details
# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
-keepclassmembers class fqcn.of.javascript.interface.for.webview {
public *;
}
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-dontpreverify
-verbose
-dontoptimize
-dontwarn android.support.**
-dontwarn com.google.**
-dontwarn com.loopj.android.http.**
-dontwarn com.worklight.androidgap.plugin.**
-dontwarn com.worklight.wlclient.**
#-injars bin/classes
#-injars libs
#-outjars bin/classes-processed.jar
# Using Google's License Verification Library
-keep class com.android.vending.licensing.ILicensingService
# Specifies to write out some more information during processing.
# If the program terminates with an exception, this option will print out the entire stack trace, instead of just the exception message.
-verbose
####################################################################################################
############################## IBM MobileFirst Platform configuration ############################
####################################################################################################
# Annotations are represented by attributes that have no direct effect on the execution of the code.
-keepattributes *Annotation*,EnclosingMethod
# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native
-keepclasseswithmembernames class * {
native <methods>;
}
# keep setters in Views so that animations can still work.
# see http://proguard.sourceforge.net/manual/examples.html#beans
-keepclassmembers public class * extends android.view.View {
void set*(***);
*** get*();
}
-keepattributes InnerClasses
-keep class **.R
-keep class **.R$* {
<fields>;
}
# These options let obfuscated applications or libraries produce stack traces that can still be deciphered later on
-renamesourcefileattribute SourceFile
-keepattributes SourceFile,LineNumberTable
# Enable proguard with Cordova
-keep class org.apache.cordova.** { *; }
-keep public class * extends org.apache.cordova.CordovaPlugin
-keep class com.worklight.androidgap.push.** { *; }
-keep class com.worklight.wlclient.push.** { *; }
-keep class com.worklight.common.security.AppAuthenticityToken { *; }
# Enable proguard with Google libs
-keep class com.google.** { *;}
-dontwarn com.google.common.**
-dontwarn com.google.ads.**
# apache.http
-keep class org.apache.http.** { *; }
-keep class com.worklight.** {
*;
}
-keep class org.apache.commons.codec.** {
*;
}
-keep class net.sqlcipher.** { *; }
-dontwarn net.sqlcipher.**
-keep class org.codehaus.** { *; }
-dontwarn org.apache.http.**
-dontwarn org.apache.commons.codec.**
-optimizations !class/merging/vertical*,!class/merging/horizontal*,!code/simplification/arithmetic,!field/*,!code/allocation/variable
-keep class org.apache.http.* { *; }
-keep class org.apache.http.client.** { *; }
-keep class org.apache.http.cookie.** { *; }
-keep class org.apache.http.impl.cookie.** { *; }
-keep class org.apache.http.message.** { *; }
-keep class org.apache.http.util.** { *; }
# These classes contain references to external jars which are not included in the default MobileFirst project.
-dontwarn com.worklight.common.internal.WLTrusteerInternal*
-dontwarn com.worklight.jsonstore.**
-dontwarn org.codehaus.jackson.map.ext.**
-dontwarn com.worklight.androidgap.push.GCMIntentService
-dontwarn com.worklight.androidgap.plugin.WLInitializationPlugin
-dontwarn com.worklight.wlclient.push.GCMIntentService
-dontwarn org.bouncycastle.**
-dontwarn com.worklight.androidgap.jsonstore.security.SecurityManager
-dontwarn com.worklight.wlclient.push.WLBroadcastReceiver
-dontwarn com.worklight.wlclient.push.common.*
-dontwarn com.worklight.wlclient.api.WLPush
-dontwarn com.worklight.wlclient.api.SecurityUtils
######################################################################################################
-ignorewarnings