I would like to use proguard in my application. Can anyone tell me the steps should I follow to create the cfg file. Like what is the first step I have to do, where should I create the file..etc
On Android Developer's site there is a great documentation:
http://developer.android.com/tools/help/proguard.html
In short:
In your project directory find project.properties file. You should have similar line:
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt:proguard-google-api-client.txt
In txt files you should have proguard configuration.
You should know one thing that proguard is disable (by default) if you run application in debug mode. Proguard will "start" while exporting signed app.
Related
I am trying to obfuscate my simple HelloWorld project (that I just created) with ProGuard.
The configuration files are below.
[project.properties]
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
target=android-20
[proguard-project.txt]
Nothing valid. all the lines are commented.
Lastly, I created signed apk file through the menu, File - Export - Export Android Application,
with a new key.
To make sure that the apk is obfuscated properly, I unzip the apk and decompiled classes.dex to view the inner class files. but NOT obfuscated at all. all the function names in MainActivity.java are
still the same.
Anything I missed out?
Thank you.
Look at the "Enabling ProGuard" section at http://developer.android.com/tools/help/proguard.html to see exactly how ProGuard determines which configuration file(s) to use. Look carefully at the different ways to specify the file(s) for Eclipse builds vs. Android Studio (or Gradle) builds. The ProGuard configuration files delivered with the SDK are simple starting points (examples) that almost certainly will not do exactly what you want. You should copy them to an appropriate location and change them as needed for your particular needs.
I am using IntelliJ IDea 11.1.3 for Android development and I must admit it is a wonderful tool. I have few doubts about how to use Proguard with the IDE.
I have found the option of Run Progaurd under Open Module Settings -> Facets as in the image below
Run Proguard need a location of Config File which is defaulted to proguard-project.txt. Next is a check box which says Include system proguard file.
What System Proguard File is referred to in this checkbox option?
Given all the configuration of Proguard is in proguard-android.txt in Android SDK. How does proguard config works in the IntelliJ Idea?
P.S Any help will be highly appreciated I am trying to understand proguard with IntelliJ for almost a day now and having unsolved problems in another question.
After spending two days trying to work Proguard 4.7 with IntelliJ Idea, I have following points to conclude
It does not make any difference if you uncomment the line proguard.config=${sdk.dir}\tools\proguard\proguard-android.txt:proguard-project.txt in file project.properties.
I not sure if IntelliJ reads the proguard-android.txt file located at android-sdk/tools/proguard
IntelliJ idea reads the file proguard-project.txt files located in the project so suggestion is edit and place all your proguard configuration in this file.
I am still not clear what does Include system proguard file checkbox option do.
As per this google documentation http://developer.android.com/tools/help/proguard.html#enabling-gradle you need to change minifyEnabled false to minifyEnabled true in the projects build.gradle file.
...\app\proguard-rules.pro can be edited to add new rules if you need them. The default rules will probably do all you need, such as protect the names of methods that look like they might be invoked because of a layout xml onClick attribute. The document cited above also contains instructions for more complicated changes.
You will need to keep the mapping.txt file, which can be found under ...\app\build\outputs\mapping\release
I searched around the net a simple example of how to use ProGuard to protect your Android app from "code thieves". And I ended doing like this and you tell me if this is all it takes:
I opened project.properties file of my project in Eclipse, and uncomment and left this line: proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
Then I went to my project's Android Tools => Export Signed Application Package...
and export it with existing keystore which I made earlier when I was exporting app to test it in my phone.
In my project, above project.properties appeared to be created a new file proguard-project.txt, which I expected because the above line: ...proguard-android.txt:proguard-project.txt.
And that's it?
Or no? Do I have to add something else because I've seen that others are adding some classes to inculde in file, ... Is that not included?
Help me to learn how to protect my app. Thanks in advance!
Yeas, that's all if you want to protect your code only.
if you have resources that have copyrights, consider using the Android Copy protection.
When pubishing your app : go to section Publishing options subsection Copy Protection
Check Copy Protection : On
This prevent hackers to export the apk and by the way, prevent your resources from most of hackers.
For the most part, that is all you need to do. If you use any external libraries, you may have to modify your config file in order to export your app. You should test your protected app on your device to before publishing.
My project does not enable proguard when creating it. Therefore I need to manually add proguard and enable it via project.properties.
Is there any way I can know whether my application has been obfuscated or not aside from reverse engineering?
If your application has been obfuscated you will see a new folder called proguard in you project folder.
It should contain four text files: dump, mapping, seeds and usage.
Note that your project will not be obfuscated unless you build it in release mode.
Just for records, if you want to check if your code was really obfuscated, you can generate the APK and analyse it in this webpage: http://www.javadecompilers.com/apktool
You can check using Android Studio as well by generating the APK and later going to Build -> Analyze APK... -> select your APK to analyze.
I hope this help.
I am wondering about how to obfuscate the Android application using ProGuard tool.
I've read info from http://android-sdk.appspot.com/guide/developing/tools/proguard.html.
But no luck still. I've set to enable configuration for ProGuard tool in default.properties file added following line:
proguard.config=proguard.cfg
Then build the project. And was looking to generate "mapping.txt". But not generated.
Can you suggest me where I am wrong ?
Thanks in advance.
ProGuard only runs when making external builds, not internal development builds. Use File->Export->Android->Export Android Application
ProGuard is only integrated in the Android build process as of the Android 2.2 SDK. You may have to update to the latest SDK and then update the project with "android update project".
Furthermore, ProGuard is only applied in release builds: "ant release".
Your doing nothing wrong. In addition to setting the config file as you indicated you might also need to set debuggable=false in the android manifest.