Is there any obfuscation tool to use with Android Studio? IntelliGuard plugin is declared to be supported by the Studio, but it doesn't work actually due to missing AntSupport plugin. I wan't able to find one in the repository. Any ideas?
P.S. Android Studio build process is based on Gradle, so I wouldn't expect to see Ant support there at all. May be I'm wrong.
Basic Obfuscation
To obfuscate code in Android studio just go to your build.gradle file in your Android Studio project:
Change the minifyEnabled property from false to true
This is a basic Obfuscation.
After generating the apk you can see the obfuscation result by decompiling the apk with any software. This page could help you:
http://www.decompileandroid.com/
In the obfuscation result you will see classes with name: a,b,c....
And the obfuscation variables and methods will have also names like aa,c,ac...
Normal obfuscation:
To obfuscate the code in a more complex form you could go to your root directory app and create a .pro file. For example in the following picture I have created the file: proguard-rules-new.pro. In the same directory you should see a file called proguard-rules.pro
Now add the file you have created to the build.gradle file
And edit the .pro file you have create with your own custom proguard rules
First enable minifyEnabled in your build.gradle file, like
minifyEnabled true
After this, add below lines in progurad-rules.txt file
-keep class yourpackage.** { *; }
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-verbose
For checking that its working fine go to:
http://www.javadecompilers.com/apktool website so that you can verify after decompilation.
It will work and your classes will be hidden completely.
Update: R8 is by default enabled in android studio version 3.4.0 and above
In android studio 3.4+, R8 is enabled by default so no need to add additional property though you can opt for deep optimizations by adding fullMode property in gradle.properties as:
android.enableR8.fullMode=true
You can disable R8 and enable proguard by adding following properties in gradle.properties as:
android.enableR8 = false
useProguard = true
Android September 2018 release a new tool R8 shrinker and obfuscation tool.
R8 - R8 is a java code shrinker and minifying tool that converts java byte code to optimized dex code
For AS version below 3.4.0.
Open gradle.properties
Add android.enableR8 = true
as
# Specifies the JVM arguments used for the daemon process.
# The setting is particularly useful for tweaking memory settings.
org.gradle.jvmargs=-Xmx1536m
# When configured, Gradle will run in incubating parallel mode.
# This option should only be used with decoupled projects. More details, visit
android.enableR8 = true
Minimum Requirements:
Android studio 3.2 September 2018 release or above
Java 8
R8 Tool
R8 supports Proguard:
Keep in mind, R8 is designed to work with your existing ProGuard rules, so you’ll likely not need to take any actions to benefit from R8. However, because it’s a different technology to ProGuard that’s designed specifically for Android projects, shrinking and optimization may result in removing code that ProGuard may have not. So, in this unlikely situation, you might need to add additional rules to keep that code in your build output.
To Disable R8 in AS 3.4.0 and above:
# Disables R8 for Android Library modules only.
android.enableR8.libraries = false
# Disables R8 for all modules.
android.enableR8 = false
Note: For a given build type, if you set useProguard to false in your app module's build.gradle file, the Android Gradle plugin uses R8 to shrink your app's code for that build type, regardless of whether you disable R8 in your project's gradle.properties file.
Proguard is well-supported on Android studio. You have to configure Gradle to run it. Instructions: http://tools.android.com/tech-docs/new-build-system/user-guide#TOC-Running-ProGuard
after setting minifyEnabled to true there are two version of apk you can get, so that you have to add debug option in your build.gradle to obfuscate debug one:
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
debug {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
sync, build and build apk
Related
I have a complicated build setup for an android app which basically consists of a normal android app fused together with a Xamarin/Mono project in order to include an important C# library (like this: https://github.com/royd/KotlinAppWithXamarinDependency)
Everything is working fine except if I enable minification in my app/build.gradle via minifyEnabled true the app instantly crashes on startup because the Mono-runtime can't find native assemblies that are definitely contained in the apk.
This is the message I get in Logcat:
A/monodroid: No assemblies found in '(null)' or '<unavailable>'. Assuming this is part of Fast Deployment. Exiting...
With minifyEnabled false everything is working fine so I tried disabling all config options in my proguard-rules.pro:
-dontobfuscate
-dontoptimize
-dontshrink
And I also added the following lines to my app/build.gradle
packagingOptions {
doNotStrip "*/armeabi/*.so"
doNotStrip "*/armeabi-v7a/*.so"
doNotStrip "*/x86/*.so"
}
Unfortunately all this doesn't help.
I also decompiled a working and a broken apk with dex2jar to compare the bytecode. It seems to be exactly the same except for some enum-optimizations that shouldn't matter.
According to the error message in Logcat the error seems to be thrown from the native library libmonodroid.so.
So my question: What does minifyenabled flag do when all these config options are disabled?
Edit:
I have found out that minification works as intended when I use version 4.0.1 of Android Gradle Plugin (from July 2020). Upgrading the version to 4.1.0 (August 2020) breaks my app. Now the question is what changed between these two versions?
When you set the minifyenabled as true. The r8 will choose the configuration files but not only the proguard-rules.pro and the app/build.gradle to shrink, obfuscate, and optimize your app.
There are some others files such as AAR libraries: <library-dir>/proguard.txt and
JAR libraries: <library-dir>/META-INF/proguard/ and so on. So this error may be caused by the native library losing when you set the set the minifyenabled as true.
If you need more information, please check the official document:https://developer.android.com/studio/build/shrink-code#enable
In addition, you can check the 'proguard-android-optimize.txt' and when you add the -dontoptimize to proguard-rules.pro may cause a conflict.
I found out, that in the Android Gradle Plugin versions 3.6.0 to 4.1.0 they switched to a more performant tool for building apks called zipflinger.
This tool can be disabled by adding this line to my gradle.properties:
android.useNewApkCreator=false
When building the apk zipflinger stores the external .NET assemblies as DEFLATED zip entries instead of STORED and thats why monodroid cant read them.
References:
https://github.com/xamarin/xamarin-android/issues/6838#issuecomment-1110816027
https://copyfuture.com/blogs-details/20210119115509664T
I was reading an article about Proguard in Android Studio their is a line
Proguard comes out of the box in android Studio
Can anyone please explain this to me? If you are interested to read the completed article I'll put the link below.
Article Link
It means that proguard is bundled together with your default android project and you do not need to download it from outside via gradle or maven
android {
buildTypes {
release {
// Enables code shrinking, obfuscation, and optimization for only
// your project's release build type.
minifyEnabled true// Enables resource shrinking, which is performed by the
// Android Gradle plugin.
shrinkResources true// Includes the default ProGuard rules files that are packaged with
// the Android Gradle plugin. To learn more, go to the section about
// R8 configuration files.
proguardFiles getDefaultProguardFile(
'proguard-android.txt'),
'proguard-rules.pro'
}
}
...
}
Ref:More on proguard usage in android
Since the 3.5 update of Android Studio, I have this warning when building my app :
DSL element 'useProguard' is obsolete and will be removed soon. Use
'android.enableR8' in gradle.properties to switch between R8 and
Proguard..
Removing "useProguard" from build.gradle fixed the problem for me, like:
release {
minifyEnabled true
//useProguard true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
Update 2022, or Details; R8 is nowadays:
By default enabled,
And it simply replaces ProGuard,
But supports existing .pro files (and there should be no need to reconfigure).
Also, any way to disable R8, or use ProGuard instead, is deprecated (or even removed).
But debug flavors can set debuggable true, and continue to be debuggable line-by-line.
set the following in your project's gradle.properties file
android.enableR8=true
R8 also has full mode that is not directly compatible with Proguard. In order to try that out you can additionally set the following in your gradle.properties file
android.enableR8.fullMode=true
This turns on more optimizations, that can further reduce app size. However, you might need a few extra keep rules to make it work.
At a glance, when you build you project using Android Gradle plugin 3.4.0 or higher, the plugin no longer uses ProGuard to perform compile-time code optimization. Instead, the plugin works with the R8 compiler by default to handle the Shrink, obfuscate, and optimize your app. However, you can disable certain tasks or customize R8’s behavior through ProGuard rules files.
In fact, R8 works with all of your existing ProGuard rules files, so updating the Android Gradle plugin to use R8 should not require you to change your existing rules.
When you use Android Studio 3.4 or Android Gradle plugin 3.4.0 and higher, R8 is the default compiler that converts your project’s Java bytecode into the DEX format that runs on the Android platform. However, when you create a new project using Android Studio, shrinking, obfuscation, and code optimization is not enabled by default. You may enable them using the below code -
android {
buildTypes {
release {
// Enables code shrinking, obfuscation, and optimization for only
// your project's release build type.
minifyEnabled true
// Enables resource shrinking, which is performed by the
// Android Gradle plugin.
shrinkResources true
// Includes the default ProGuard rules files that are packaged with
// the Android Gradle plugin. To learn more, go to the section about
// R8 configuration files.
proguardFiles getDefaultProguardFile(
'proguard-android-optimize.txt'),
'proguard-rules.pro'
}
}
...
}
For the more adventurous, R8 also has full mode. In order to try that out you can additionally set the following in your gradle.properties file.3
android.enableR8.fullMode=true
This turns on more optimizations, that can further reduce app size. However, you might need a few extra keep rules to make it work. Learn more here - https://youtu.be/uQ_yK8kRCaA
R8 is the default tool available in Android Studio 3.4 onwards. There is no need to explicitly enable R8. Just remove the useProguard true line from the app/build.gradle file.
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
Do I need to remove Proguard related code from Gradle when using R8?
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
You don't actually remove the proguard rules, as R8 works with Proguard rules in compat mode. For more details, please refer to https://android-developers.googleblog.com/2018/11/r8-new-code-shrinker-from-google-is.html.
R8 is available with Android Studio 3.3 beta and works with Proguard rules. To try it, set the following in your project's gradle.properties file:
android.enableR8=true
But for the full mode, it is not directly compatible with Proguard.
Edit #1
Check here for how to migrate Proguard to R8: Android/java: Transition / Migration from ProGuard to R8?
In my android app, i want to test some features with proguard on.
I don't need to really "debug" it, but i want proguard to run when i hit run in eclipse. I don't want to export the binary every time (so, in release mode) and save as apk and get it to the device to test.
Is there any way to run proguard in this way?
Update:
It seems like this is possible if you are not using Eclipse; as question title does not include Eclipse, there are multiple correct answers to this question.
If you want to make the whole build process easier for you, you should switch over to gradle and Android Studio IDE.
Then you could easily add the following to your build.gradle file to run ProGuard:
android {
buildTypes {
release {
}
debug {
minifyEnabled true
proguardFile 'proguard-android.txt'
zipAlignEnabled true
}
}
}
This will run ProGuard on your debug build, configured with the file "proguard-android.txt", which should be put at your project's root folder. And in addition your apk is being zip aligned (Just remove "zipAlignEnabled true", if you don't want that to happen). If you want to do the same for your release build, just add those three lines under "release".
Slightly off-topic: Stuff like adding dependencies, signing your apk or adding other custom tasks to your build process is also way more uncomplicated with gradle. In addition you'll be able to not only build your apk via Android Studio IDE, but also via a simple command on the command line (e.g. ./gradlew assembleDebug). So if you are working on a team, the setup process for new members is just one "./gradlew assembleDebug" away. Without the need for any IDE configuration at all. Importing your project including all dependencies is as simple as a one-click process
EDIT:
As of Gradle Android Build Tools version 0.14.0 the property names have changed (http://tools.android.com/tech-docs/new-build-system):
BuildType.runProguard -> minifyEnabled
BuildType.zipAlign -> zipAlignEnabled
I've updated the above code.
Old Answer :
http://developer.android.com/tools/help/proguard.html
ProGuard runs only when you build your application in release mode, so you do not have to deal with obfuscated code when you build your application in debug mode.
When you build your application in release mode, either by running ant release or by using the Export Wizard in Eclipse, the build system automatically checks to see if the proguard.config property is set. If it is, ProGuard automatically processes the application's bytecode before packaging everything into an .apk file. Building in debug mode does not invoke ProGuard, because it makes debugging more cumbersome.
Update: 13-3-2016
It is possible with the new gradle build system. You need to set minifyEnabled to true in your build.gradle file. Generally you have pro-guard running in release mode. There are other options available like shrinking resources. You can find some useful info # http://tools.android.com/tech-docs/new-build-system
Also do have a look #
http://developer.android.com/tools/building/configuring-gradle.html
android {
...
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
debug {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}
Regarding custom Ant builds (and based on Victor's answer), adding the following to my build.xml file works for me:
<target name="-debug-obfuscation-check">
<!-- enable proguard even in debug mode -->
<property name="proguard.enabled" value="true"/>
<!-- Secondary dx input (jar files) is empty since all the jar files will be in the obfuscated jar -->
<path id="out.dex.jar.input.ref" />
</target>
Notice that I had to override (actually pre-set) the out.dex.jar.input.ref; otherwise, the later running of dx will attempt to merge non-disjoint jars and throw the DexException: Multiple dex files define Xxx.
It is possible if you build with Ant. See Android custom build using Ant on how to build your project with ant. Then, simply override in the project's build.xml the target "-debug-obfuscation-check" and set proguard.enabled to true:
<target name="-debug-obfuscation-check">
<!-- proguard is never enabled in debug mode -->
<property name="proguard.enabled" value="true"/>
</target>
With Android Studio you can use -dontobfuscate option in your Proguard rules file and debugger will work fine. I'm not sure if it works with Eclipe as well.
If you are using AGP (Android Gradle Plugin) 7.2.0 or newer, beware that we have a bug open without a solution so far. Workaround as of now is to downgrade AGP to 7.1.3 so you can obfuscate your debug APK.
https://issuetracker.google.com/issues/242214899?pli=1