To perform optimization on my Android app I enabled the following statement in project.properties.
target=android-15
android.library=true
proguard.config=proguard-android-optimize.txt
and in the proguard-android-optimize.txt, I have written the -dontwarn and -keep statements.
My build is getting successful but it is not getting optimized: my problem is that The size of the APK is remaining the same.
Can anyone suggest me how can I optimize my code?
The line in project.properties that enables ProGuard with optimization typically looks like this:
proguard.config=${sdk.dir}/tools/proguard/proguard-android-optimize.txt:proguard-project.txt
You can of course replace these two files by a single custom configuration file, but you then should be careful to specify the proper settings. If you specify -dontshrink, -dontoptimize, -dontobfuscate, or -keep with patterns that are too broad, you may not see the optimizations that you'd like.
With Ant and Eclipse, ProGuard is only applied for release builds.
With Gradle, you have to enable ProGuard in build.gradle.
Related
play-services-base-16.0.1.aar (mvnrepository) has proguard.txt with following content:
# b/35135904 Ensure that proguard will not strip the mResultGuardian.
-keepclassmembers class com.google.android.gms.common.api.internal.BasePendingResult {
com.google.android.gms.common.api.internal.BasePendingResult$ReleasableResultGuardian mResultGuardian;
}
But you can see in classes.jar that type of mResultGuardian is already obfuscated to BasePendingResult.zaa. I guess that is why I get
Note: the configuration refers to the unknown class 'com.google.android.gms.common.api.internal.BasePendingResult$ReleasableResultGuardian'
How that's supposed to work? I'm new to Proguard and only have very basic understanding of what is going on so please make your answers simple :)
Project details:
gradlew version: 5.4
build plugin: com.android.tools.build:gradle:3.2.0
Unfortunatelly I can't update gradle build plugin to 3.3.* or 3.4.* right now because some of the scripts are incompatible and would require significant refactoring.
app/proguard.txt (from recommendations I've seen):
-keep class com.google.android.gms.analytics.** { *; }
-keep class com.google.android.gms.gcm.** { *; }
-dontwarn com.google.android.gms.**
But that doesn't help.
UPD
I end up upgrading to com.android.tools.build:gradle:3.4.1 (some api changes had to be adapted) which fixed the issue but I still don't get how that's supposed to work with rules like that.
“If the proguard set up in your project it does some jobs for us in the built process : Minification, obfuscation, repackaging and optimisation. Enabling it is straightforward if you’re using gradle, just set minifyEnabled to true for your release buildType in build.gradle and pass the default set of android optimisation rules.
This will help to shrink, speed up and protect your app. However it mainly works by removing code that is never called and renaming what’s left. This is all well and good until you encounter reflection.
Reflection lets you write code that can look up and execute other code based on its name (among other things)”
“You can also use ProGuard if you or any of the libraries in your app use reflection, here you specify rules as to which classes, methods and other parts of your app ProGuard should leave alone. You can list all these rules in a file and pass them to ProGuard via the proguardFiles method back in your build.gradle. The general convention is for this file to be called proguard-rules.pro”
These doc1, doc2 provide you more information on how to work with rules
I have an Android project with a proguard-rules.pro file for the app module that contains only the following:
# ProGuard rules
-dontobfuscate
-dontwarn android.arch.util.paging.CountedDataSource
-dontwarn android.arch.persistence.room.paging.LimitOffsetDataSource
I am not keeping anything myself. All -keep rules are coming from something else, whether that is the rules provided by getDefaultProguardFile('proguard-android-optimize.txt') or from rules packaged in libraries.
However, stuff is being kept that I am not using. If I use the Android Studio APK Analyzer on my release build, while lots of things are removed by ProGuard, lots of other things are kept that I am not referencing.
For example: through transitive dependencies, I have the Support Library module that contains ViewPager in the app's dependencies tree. However, I am not (presently) using ViewPager in this app. Despite this, something is causing it to be kept, as the APK Analyzer shows 107 defined methods for android.support.v4.view.ViewPager, including its constructor.
I could use various ProGuard options to track down why this is being kept. However, it is not coming from my rules. There is no -keep of my own that needs fixing — the -keep is coming from somebody else, presumably a Google engineer.
So, how do I get rid of ViewPager? Is there a way that I can override the -keep rule that is causing it to be kept (e.g., using allowshrinking)? If so, how does ProGuard, as invoked by Android Studio, determine whose -keep rule wins?
The ViewPager class isn't kept in a small app that I just checked, so it must be other code or other rules in your project indeed.
You can start with letting ProGuard print out the chain that triggers ViewPager to be kept:
-whyareyoukeeping class android.support.v4.view.ViewPager
You may need to repeat this a number of times for various classes and methods to get to the root cause. ProGuard doesn't print out which rule exactly is responsible -- admittedly, this would be a useful feature.
You can then look for the proguard.txt file in build/intermediates/exploded-aar that contains a matching rule.
As for a solution at that point:
It is not possible to override -keep rules; they only accumulate.
As far as I know, the Android Gradle plugin also doesn't support disabling overly conservative proguard.txt files in libraries, so you'd need to create a custom .aar file with the updated rule, or send a suggestion to the developers of the library.
When I try to generate a release version for my app I get the bellow error :
Error:Execution failed for task ':app:proguardRelease'.
java.io.IOException: Please correct the above warnings first.
Blockquote
You may need to add missing library jars or update their versions.
If your code works fine without the missing classes, you can suppress
the warnings with '-dontwarn' options.
(http://proguard.sourceforge.net/manual/troubleshooting.html#unresolvedclass)
How can I force Android Studio Gradle plugin to use -dontwarn option ?
This occurs because the release build is using Proguard. You will need to add Proguard rules in proguard-rules.pro for some of the dependencies you are using. Most libraries provide the Proguard rules needed; look on their README page.
The -dontwarn option isn't an option for Android Studio or the Android Gradle Plugin. It is a ProGuard option used to tell ProGuard not to warn you about potential problems.
From the ProGuard manual:
-dontwarn
Specifies not to warn about unresolved references and other important problems at all. The optional filter is a regular expression; ProGuard doesn't print warnings about classes with matching names. Ignoring warnings can be dangerous. For instance, if the unresolved classes or class members are indeed required for processing, the processed code will not function properly. Only use this option if you know what you're doing!
If you need to use this option, then it should go in your project-specific ProGuard file (see here if you don't know how to add your own ProGuard file).
I have obfuscated my apk, but the file size has only been reduced from 12MB to 10.5MB.
The reason it is only a relatively small reduction may be because my app uses a couple of large libraries, but is there any way I can check the level of obfuscation that has been performed?
Just in case, this is my proguard-project.txt file...
# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
-dontwarn twitter4j.**
...and the libraries I'm using are android-support-v4.jar, acra-4.5.0.jar and twitter4j-core-4.0.2.jar.
Here is probably a more visual way to check.
In the newer release of Android Studio, it comes with the APK Analyser that let user explore what is in the APK file and it is handy to check if your class has been obfuscated.
Below image shows that both package and method name have been obfuscated
In your project directory you will find a Proguard folder, in which you will see four text files:
dump.txt
Describes the internal structure of all the class files in the .apk file
mapping.txt
Lists the mapping between the original and obfuscated class, method, and field names. This file is important when you receive a bug report from
a release build, because it translates the obfuscated stack trace back to the
original class, method, and member names. See Decoding Obfuscated Stack Traces
for more information.
seeds.txt
Lists the classes and members that are not obfuscated
usage.txt
Lists the code that was stripped from the .apk
Source: Proguard
Hope this helps!
Proguard
Proguard workflow:
seeds.txt - list of what Proguard keeps. These are entry points and they nodes. For example for bare java it is a main function and others dependencies
usage.txt - list of what Proguard does not keep
mapping.txt - info about old and new naming in old_name -> new_name format. It can be used for decoding stacktrace by retrace or proguardui
dump.txt - describe everything that Proguard put into the result archive
You can find output
<module_name>/build/outputs/mapping/<buildType>/
You can use Analyze APK tool. Where you can look thought .class files, add a Proguard mapping file, show removed nodes, show deobfuscated names
[ProGuard vs R8]
any way I can check the level of obfuscation that has been performed?
You might be able to use the flag -optimizationpasses N.
Specifies the number of optimization passes to be performed. By default, a single pass is performed. Multiple passes may result in further improvements. If no improvements are found after an optimization pass, the optimization is ended. Only applicable when optimizing.
ProGuard only shrinks/optimizes the parts you did not create -keep options for. When using broad -keep rules (ending in .** { *; }), the shrinking/optimization results quickly decrease.
I can see from the snippet you did not create such broad -keep options yourself but they may be part of the ProGuard consumer rules which are part of certain dependencies. You can print all these -keep options by adding the follwing in your ProGuard configuration file:
-printconfiguration fullconfig.txt. This will create the file fullconfig.txt in which all -keep options, including the ones of the dependencies, are listed.
If one of your dependencies contains too broad -keep options you could choose to ignore these by creating a consumer rule filter. This will require you to create the -keep options for the dependency yourself.
Recently there was a tool released to inspect what parts of a jar/apk are being kept thus not shrunken/optimized. You need to provide the -keep options and upload the jar/apk, you can then see in a visual way what parts of your project are not processed with ProGuard. This tool is called the ProGuard Playground. I would recommend copy/pasting the content of the fullconfig.txt file, that way you can easily see what parts are left untouched by ProGuard.
I'm trying to build an Android release with Ant and ProGuard. I uncommented the following line in project.properties, despite the comment in said file noting that you shouldn't modify it ;):
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
When obfuscating, I get the following notes:
[proguard] Note: the configuration refers to the unknown class 'com.google.vending.licensing.ILicensingService'
[proguard] Note: the configuration refers to the unknown class 'com.android.vending.licensing.ILicensingService'
I do understand why this is happening. These lines can be found in the default ProGuard config file (${sdk.dir}/tools/proguard/proguard-android.txt):
-keep public class com.google.vending.licensing.ILicensingService
-keep public class com.android.vending.licensing.ILicensingService
I'm not using the Google Licensing Service, so the classes are indeed unknown. I found a solution to get rid of these notes by updating the proguard-project.txt:
-dontnote **ILicensingService
My question: Is this the correct way of handling this? It seems to me that these classes shouldn't be kept by default anyway, since that lib isn't mandatory for an android project. The only way I can think of to achieve this is by copying the default config file to my project, removing the -keep lines and ignoring the default config file in the SDK completely. Which doesn't seem as the proper way to go either. Or am I missing something?
The setting "-dontnote com.google.vending.licensing.ILicensingService" is fine. In fact, it could have been part of the default configuration file.
The -keep option may be necessary for projects that use the library.
The -dontnote option may be nice to suppress the note about the -keep option, for projects that don't use the library. The note is just a gentle reminder that the configuration file could contain a typo, because the specified class doesn't seem to exist. It doesn't affect the processing.