It is very very hard to use the crash reports without knowing the line numbers. Also you cannot debug the code without line numbers as well.
Is there a specific reason to disable the line numbers when using ProGuard?
Thank you.
By default, ProGuard strives for the leanest possible application. It removes all elements from your code that are not strictly necessary for running it. You can preserve line numbers if you expect you'll need them, at the price of a very small increase in application size.
Related
In my application I'm using a class Cs for doing the logging part.
It already has a DEBUG field which is set to true/false depending on the build type.
Everything is working good so far but I want to improve this a bit so I'm trying to find way to automatically comment these lines. This will avoid some problems that might appear due a log.
Ex:
1. StringBuilder messages = getSomeMessages()
2. Cs.e(TAG, messages.toString());
When line 2 is commented the app won't crash if the messages is null.
Also if I remove these lines in release but keep them in debug version it will be hard to detect the errors from stacktrace because the lines number won't match anymore.
My question is: It is possible to tell Proguard to comment all the lines which start with some characters (Cs in my case)?
Thank you
Also if I remove these lines in release but keep them in debug version it will be hard to detect the errors from stacktrace because the lines number won't match anymore.
For starters, your assumption that commented lines would make it into the compiled class/dex files is incorrect. This will not differ between debug and release builds.
Secondly, by optimising and/or obfuscating, Proguard will most likely modify your code in such a way that line numbers will no longer match up with your original source. That's exactly why it generates a mapping file (generally just mapping.txt): so that a stack trace can be de-obfuscated (or: retraced).
When line 2 is commented the app won't crash if the messages is null.
StringBuilder messages = getSomeMessages()
Cs.e(TAG, messages.toString());
Correct. But if you're after improving your code and its robustness, why not guard the log with a null check?
For example: only log something if there are actually messages:
if (messages != null) Cs.e(TAG, messages.toString());
Or: log some indication that there were no messages:
Cs.e(TAG, messages != null ? messages.toString() : "<empty>");
I'm not sure what kind of logger Cs wraps, but consider leveraging the functionality of Android's own Log class. That is, if you're really logging an error for development purposes, using Verbose or Debug log levels will make more sense. These are automatically stripped away (at resp. compilation time and runtime) and as such you don't have to worry about accidentally generating an exception in your production builds when logging.
Alternative, you can also easily wrap any debug logging with a check for the auto-generated BuildConfig.DEBUG flag - it sounds like you're already doing that.
I am trying to use proguard to obfuscate the code of my Android app.
My problem is that some screen of my app work fine, some others show a blank screen (not entirely blank though, for example my top title bar display correctly, but the rest of the content is blank).
I have started with the basic settings:
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
Then, in proguard-project.txt, I have tried to add:
-keep class {my.package.name}.** { *; }
No change
Then
-dontskipnonpubliclibraryclassmembers
No change
Then
-dontobfuscate
which obviously solved the problem but then there is no point since I want to obfuscate my code.
Any idea?
Look at the output ProGuard creates; it will tell you what classes got renamed and what classes got deleted (because they appear to be unused). You will need to modify your config to nether rename nor delete these classes of course. Typically, you can find an interaction between your AndroidManifest.xml and the pieces that are missing after obfuscation (and your logcat might even tell you what is missing). Less likely is that use of reflection led ProGuard to not realize the importance of keeping these things in tact.
If you decide you need full obfuscation for the things that are being altered yet are necessary, you'll need to create thin object proxys that are safe from obfuscation and know how to get to the real classes.
We usually put logs to check if some code block executes or not.
But we generally don't remove it before publishing the app.I don'y know about other but i have fond of that feature and using it fluently in my apps.Can any one tell me that what will be the effect on system memory of writing any of the Log.x() (where X=v,e,w,i,d) forms.
Do anyone help me clear some concepts?
Definitely there will be a lot of effect on Memory usage, APK file size and Performance.
Besides, You must remove all the Logs before publishing the app.
Of course, once you remove all the Logs and publish it, its pain to rewrite them.
Hence use Proguard which removes all the Logs from the ByteCode, but doesn't effect the source code.
Apart from removing Logs, Proguard helps in performance enhancement by Obfuscating you code, removing unused methods, variables etc.. All that depends on how you configure it.
Enabling ProGuard in Eclipse for Android
How to avoid reverse engineering of an APK file?
The logs get saved in memory.thereby consuming memory space.We should remove the debug logs before releasing ,Only error logs should be there.
YES Definately.
And To make Logs efficient always try to use a Boolean flag like:
boolean debug = true or false;
and wherever you use log.d("ClassName","message"); write it as
if(debug) log.d("ClassName","message");
and so you can manage the logging(Logs) with a single Boolean flag.
thanks.
It depends on how many logs you use. Surely it will affect the application.So before releasing app, use this.
android:debuggable="false"
As the answers to this question ( A URL specified in a separate line in Java doesn't issue compile-time errors. Why? ) states you can add code labels on the code without having compilation errors.
Even more, using http:// will work as it will be considered a code label, and a comment.
So I was thinking...
Can I add a number of random code labels (including urls) to the code with proguard to make it even less readable?
Of course I could add them by hand, but that would be a good solution, as it would polute the original code, and what I want it just on release compiled code.
I wanted to do this on Android apps, that's why I'm focusing on proguard (an out of the box solution for Android obfuscation).
You could check AspectJ which allows to create custom modifications of the byte code during build.
However I would not do that. Have you checked if java decompilers show your URLs?
You better optimize your obfuscation such that there is as little as possible in clear text.
No, such labels won't affect the compiled code at all.
A label (be it "http:" or "somelabel:") doesn't show up in the compiled code, not even as debug information. It is only useful in combination with break statements.
A comment (be it "//www.example.com/path" or "//somecomment") doesn't get compiled in either. It is only useful to clarify the source code.
Since java bytecode doesn't represent labels or comments, ProGuard can't add them either. ProGuard also doesn't add unnecessary goto statements
Android app submission says, remove any logging before submission. Have a few question on this one
Is System.out.println considered as logging? How can I disable it across the app without having to remove it on by one
Tried android:debuggable="false" inside manifest, but eclipse says "Avoid hardcoding the debug mode; leaving it out allows debug and release builds to automatically assign one"
I have some third party jar files that shows Log statement when I test my app. How can I remove them, considering I don't have the source.
Suggestions are highly appreciated.
I'm sure you've come across the fact that you can do the if(GLOBAL_VALUE) trick, because your logs are already there!
Therefore, my suggestions is to use Proguard; http://developer.android.com/tools/help/proguard.html
The following proguard.cfg chunk instructs to remove Log.d calls.
-assumenosideeffects class android.util.Log {
public static *** d(...);
}
You can do it for other calls like Log.i, Log.e, etc based on the value you put there!
As for your Jar, if it is referencing the Android Log system, ProGuard should take care of that.