I am trying to obfuscate my simple HelloWorld project (that I just created) with ProGuard.
The configuration files are below.
[project.properties]
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
target=android-20
[proguard-project.txt]
Nothing valid. all the lines are commented.
Lastly, I created signed apk file through the menu, File - Export - Export Android Application,
with a new key.
To make sure that the apk is obfuscated properly, I unzip the apk and decompiled classes.dex to view the inner class files. but NOT obfuscated at all. all the function names in MainActivity.java are
still the same.
Anything I missed out?
Thank you.
Look at the "Enabling ProGuard" section at http://developer.android.com/tools/help/proguard.html to see exactly how ProGuard determines which configuration file(s) to use. Look carefully at the different ways to specify the file(s) for Eclipse builds vs. Android Studio (or Gradle) builds. The ProGuard configuration files delivered with the SDK are simple starting points (examples) that almost certainly will not do exactly what you want. You should copy them to an appropriate location and change them as needed for your particular needs.
In Android Studio, where are the ProGuard mapping files generated after compiling a signed APK?
I'm not sure if it isn't working or if I just forgot the file path, and my compulsory Google/Stack Overflow search did not answer this
It should be located at build/outputs/proguard/release/mapping.txt in your application module's directory.
In the latest version of ProGuard and Android Studio, the file is located at build/outputs/mapping/release/mapping.txt.
For me they are at 'build/outputs/mapping/release'
I found it cleaner to configure proguard to write the mapping.txt file to a location outside of the build/ directory tree, so that it could be more conveniently checked into version control.
To achieve this, put this in your proguard-rules.pro file:
-printmapping mapping.txt
This will (most likely) place it in the same directory as your proguard-rules.pro file. Ultimately, you probably want to write it to the same directory as your APK file and with an equivalent name (which might include flavor, build type etc).
Note: in my experience, this is not overruled by the proguard template file (which was suggested by a commenter to another answer here).
UPDATE: If you have multiple product flavors, then this is a much better solution: https://stackoverflow.com/a/31116608/444761
I found that it was not being generated, so I added this to the rules file
-printmapping build/outputs/mapping/release/mapping.txt
Its quite late to answer this question but just in case someone need my answer.
Location of Mapping file to deobfuscate:
ProGuard saves the file in the app
app/build/outputs/mapping/FLAVOR/release/mapping.txt
Generally in debug mode you don't need the mapping file because there generally obfuscation is disabled.
If it is not that case then make sure in build.gradle file you have below code for debug variant.
debug {
minifyEnabled false
debuggable true
}
Some Gotchas:
mapping.txt file gets overwritten every time you create a release build with ProGuard, so first take backup of that file before creating a new release. It will help to obfuscated stack trace from an older version of your app.
Apart from that there are two ways to obfuscate your code :
1. Upload your mapping.txt file to Google play Console:
When publishing your app on Google Play, you can upload the mapping.txt file for each version of your APK. Then Google Play will deobfuscate incoming stack traces from user-reported issues so you can review them in the Google Play Console.
2. Use local sdk tool retrace.sh/retrace.bat:
Some times you want to run the release version of your app(by changing build variant to release and running it) to cross check and fix the errors so that it does not happens in production ( when released to play-store).
To convert an obfuscated stack-trace to a readable one yourself, use the retrace script (retrace.bat on Windows; retrace.sh on Mac/Linux).
It is located in the <sdk-root>/tools/proguard/bin/ directory.
<sdk-root> is the place where your all android libraries and sdks were installed.
The script takes the mapping.txt file and your stack trace, producing a new, readable stack trace.
Command Syntax:
retrace.bat|retrace.sh [-verbose] mapping.txt [<stacktrace_file>]
For example:
retrace.bat -verbose mapping.txt obfuscated_trace.txt
I prefer local version of obfuscating as is quite handy to pre-check production errors.
I hope it helps.
Here it is in a picture - you will find it in the mapping folder:
I am using version Android Studio 2.2.2. For me it's located in the following locations:
For debug:
\app\build\outputs\mapping\debug\mapping.txt
For release:
\app\build\outputs\mapping\release\mapping.txt
If anyone is still searching for mapping.txt:
minifyEnabled in build.gradle has to be set to true
I'm using Android Studio 4.2 Beta 4 and the standard-setting was false.
If minifyEnable is set to false the build is not "minified", so a mapping-file is of course not necessary, but google-play-console asks for the mapping file anyway.
... Very confusing for a beginner
Because I'm dumb and get lost even when somebody tells me where the file is:
cd StudioProjects/fooProject
find . -name "mapping.txt" | xargs less
Proguard[About] outputs are located
<module_name>/build/outputs/mapping/<buildType>/
//e.g.
/Users/alex/Desktop/MyProject/MyModule/build/outputs/mapping/releasefree
I would like to use proguard in my application. Can anyone tell me the steps should I follow to create the cfg file. Like what is the first step I have to do, where should I create the file..etc
On Android Developer's site there is a great documentation:
http://developer.android.com/tools/help/proguard.html
In short:
In your project directory find project.properties file. You should have similar line:
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt:proguard-google-api-client.txt
In txt files you should have proguard configuration.
You should know one thing that proguard is disable (by default) if you run application in debug mode. Proguard will "start" while exporting signed app.
I am seeing some weird crashes on my Android application when I turn on proguard obfuscation. I understand I can debug this and skip obfuscation for those classes but my question is - Is it worth the risk of having the application crash on some phone or some code path that I might not have tested/exercised. For e.g this link talks about one such device specific error due to proguard.
I am close to release and am now wondering is it worth introducing proguard at this point. I understand I should have tested with it right from the start ..made a mistake.
Usually, the common problems with Proguard is not setting the correct parameters for third party libraries.
Make sure you've followed the instructions given by the third party providers as to the additions to the proguard.cfg file.
Anyhow, to disable proguard, you can always edit your project.properties file and remove the proguard.config=proguard.cfg line
I've set up proguard according to this link: http://android-developers.blogspot.com/2010/09/proguard-android-and-licensing-server.html
When I build with Ant I get no errors or warnings, but I also don't get any verbose output telling me that ProGuard is doing anything. By other means I'm able to tell that the apk is not being obfuscated.
All of my code, with the exception of the Activity class is in a library (as source files). I've read that the activity class will not obfuscated, but I'm wondering if I have to set up something different in my build files to include the library files?
Did you remove the debug line from your manifest?
This is a very old link.
Assuming you've downloaded the ADT plugin and the SDK this year, Proguard is bundled in the build process.
All you have to do is add this to default.properties:
proguard.config=proguard.cfg
Note that the obfuscation will occur only when you export a final version and not on every build.