Many times after building an app and uploading it to play store I realize that I haven't guarded the apk using proguard feature provided by android and anyone can decompile the app using various tools to get my app's source code. So is it possible that whenever i create a new project the proguard feature is automatically enabled and my app's source code can be secure?
For obfuscation just add to project.properties file in android project the following line:
proguard.config=proguard.cfg
see details in android's development page here
Probably you will have to right a custom ant build script which throws an error when proguard property is not set in properties.To write custom ant build script visit this link:
http://www.androidengineer.com/2010/06/using-ant-to-automate-building-android.html
Related
I searched around the net a simple example of how to use ProGuard to protect your Android app from "code thieves". And I ended doing like this and you tell me if this is all it takes:
I opened project.properties file of my project in Eclipse, and uncomment and left this line: proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
Then I went to my project's Android Tools => Export Signed Application Package...
and export it with existing keystore which I made earlier when I was exporting app to test it in my phone.
In my project, above project.properties appeared to be created a new file proguard-project.txt, which I expected because the above line: ...proguard-android.txt:proguard-project.txt.
And that's it?
Or no? Do I have to add something else because I've seen that others are adding some classes to inculde in file, ... Is that not included?
Help me to learn how to protect my app. Thanks in advance!
Yeas, that's all if you want to protect your code only.
if you have resources that have copyrights, consider using the Android Copy protection.
When pubishing your app : go to section Publishing options subsection Copy Protection
Check Copy Protection : On
This prevent hackers to export the apk and by the way, prevent your resources from most of hackers.
For the most part, that is all you need to do. If you use any external libraries, you may have to modify your config file in order to export your app. You should test your protected app on your device to before publishing.
First of all, i'm new on ProGuard, but i read some tutorials and i know that the best way to use it on android is the one described on android.developer guide.
im trying to obfuscate the code of my new Android app with ProGuard. For that i enter this website: http://developer.android.com/tools/help/proguard.html#enabling
But it tells: "hen you create an Android project, a proguard.cfg file is automatically generated in the root directory of the project."
That file does not exist on my project root directory, so i dont know how to continue. My Android app is for api level 4, 1.6, so, is it possible that this is a problem for using ProGuard?
How can i use proguard with an app for api 4 (android 1.6)
Thanks a lot
You need a proguard.cfg File. You can either create it by hand or use the proguard-GUI (> java -jar proguardgui.jar). Using the GUI makes some things easier, but a basic understandig of proguard and obfuscating is still required. It isn't very comfortable to use the gui for obfuscating your release apk, so proviging the config-file and using the SDKs Build tools is still the best way to go.
The ACRA Documentation features an Example for a proguard.cfg http://code.google.com/p/acra/wiki/ACRAProGuardHowTo most of the stuff is ACRA related and can be ommited if you don't use ACRA in your project.
I Don't know if the SDK is supposed to create an proguard.cfg. If never seen one which was created automaticaly, so i suggest you go with the file as supplied by the acra-guys for a starting point.
Make sure that you are using the latest Android SDK. You can check this with the standard android application from the SDK.
Then make sure that your project directory is up-to-date too, by typing
adb update project -p MyProjectDirectory
(from the command-line, with the proper path to the directory of your project). This should create a ProGuard configuration file, which is called proguard-project.txt in recent releases of the SDK.
You can then enable ProGuard by uncommenting the proper line in project.properties.
I have been working on one project which is too complex and contain very much space with so many images and Java files as well.
Somewhere I have read about the proguard which optimizes the code.
I have used it, but it's still does not have an effect on my final APK file.
It might be I have made a mistake somewhere. I have the following this like http://developer.android.com/guide/developing/tools/proguard.html.
How can I optimize my code?
You can add it to the default.properties. I've been adding manually without having a problem so far.
If you add the line:
proguard.config=proguard.cfg
As said it will only use ProGuard when exporting signed application (Android Tools => Export Signed Application)
If you start the project with the SDK before Android 2.3 the proguard.cfg file will not be created (next to default.properties as in 2.3>).
To enable automatic creation of it, just simply update to the SDK of Android 2.3 and create a new project with existing sources (which are the sources of the project you currently have).
Automagically the proguard.cfg fill will be created.
Without optimizations the compiler produces very dumb code - each command is compiled in a very straightforward manner, so that it does the intended thing.
The Debug builds have optimizations disabled by default, because without the optimizations the produced executable matches the source code in a straightforward manner.
Please refer this one
From documentation:
ProGuard is integrated into the Android build system, so you do not have to invoke it manually. ProGuard runs only when you build your application in release mode, so you do not have to deal with obfuscated code when you build your application in debug mode.
I am wondering about how to obfuscate the Android application using ProGuard tool.
I've read info from http://android-sdk.appspot.com/guide/developing/tools/proguard.html.
But no luck still. I've set to enable configuration for ProGuard tool in default.properties file added following line:
proguard.config=proguard.cfg
Then build the project. And was looking to generate "mapping.txt". But not generated.
Can you suggest me where I am wrong ?
Thanks in advance.
ProGuard only runs when making external builds, not internal development builds. Use File->Export->Android->Export Android Application
ProGuard is only integrated in the Android build process as of the Android 2.2 SDK. You may have to update to the latest SDK and then update the project with "android update project".
Furthermore, ProGuard is only applied in release builds: "ant release".
Your doing nothing wrong. In addition to setting the config file as you indicated you might also need to set debuggable=false in the android manifest.
I am trying to use progurard with my android applications.
The proguardGui accepts an input, and an output, the input requires a jar file. but the APK file for android doesn't contain any jar?
I tried passing the apk file, and also the dex file inside the apx, but proguard doesn't accept them as an input. proguard only accepts jars, ears, wars, zips so how can i use the proguard gui with my android application?
I detailed complete instructions on how to do it here: http://www.androidengineer.com/2010/07/optimizing-obfuscating-and-shrinking.html
Basically, you have to first set up an Ant build for your Android project, which is relatively painless. Then, you add in the ProGuard Ant target between the Java compilation step and the DEX step. Remember, ProGuard only works on Java bytecode, and Android uses the Dalvik JVM which uses .dex bytecode, so that's why it happens between those two steps.
Actually the Android SDK already integrates ProGuard.
You only need to uncomment the line "proguard.config=....." in the file project.properties (created or updated by Android SDK 17 or higher), in order to enable ProGuard.
Source: ProGuard examples -> a complete Android Application