I am about to finish my first Android application and I am trying to work out how to protect it with ProGuard. My apps minimum API is 7 (Android 2.1). I believe using Proguard would be easy if I set my minimum API to 9 (Android 2.3) but as a lot of devices use 2.1 and 2.2 I don't want to exclude them.
Everything I have read about using Proguard with Android seems confusing and difficult (I dont know anything about Ant scripts) Does anyone know of a step-by-step guide for using Proguard for Android with Eclipse?
Is Proguard even worth bothering with?
ProGuard has nothing to do with the API level of your app. Newer versions of the Eclipse ADT have it integrated, so using it is just a matter of adding a single line to a configuration file, you don't need to use Ant. You might get some problems if ProGurad removes methods/classes you are actually using, and you will have to work around those by tweaking the ProGurad config file.
If you find it difficult to use, you can always launch your app without obfuscating it, and add ProGuard in a later version. If it is your first app, the chances of someone decompiling it to steal your super-secret code are pretty low :)
Related
I have older version of the android studio and I am happy from that. I think in newer version of the android studio, the proguard has been updated also.
Now, I want to have the updated version of proguard in my android studio. Is it possible?
You could download a zip distribution of a newer Android release and replace files manually. However this might not work at all because of incompabilities.
I recommend you to update to the latest Version. It has improved a lot since 1.0, but it hasn't changed much (instead added) so you will be able to use it without problems. To use the newer proguard you just have to change one line per gradle script once, which is really no big deal.
Android SDK Manager does not have different proguard feature available as they have like Android support library , Android support reposatory , Google play services and many more but not proguard.
so according to me it is not possible to update only proguard in android studio.
I'm not too familiar with the Android build process, so I'm sorry if this comes off as a really stupid question.
Anyway, I'm writing testing code utilizing ActivityInstrumentationTestCase2 and Robotium for an Android application by the company I work for.
The company is rather large, so the transition to Gradle is going very slow. I would like to use Gradle for my testing project for ease and future maintainability, but right now the application I'm testing is built using a combination of ANT scripts and manual intervention with all dependencies checked in as jars in the repository. I'm not at all involved in that process, but I know it's pretty hacked together.
From what I understand, Gradle cannot simply depend on and trigger the building of another existing Android project unless that project also utilizes Gradle. So unless I want to really get my hands dirty with the build process of our application (we have people who are literally hired to only deal with that), I'm out of luck.
What I do have access to, however, are debug builds of our application.
So my question is, is there some way that I can have Gradle use the compiled debug APK as a local file dependency, or can APKs not work like that?
APKs don't work like that; you can't depend on them, for a variety of reasons. The most important reason is that the code and resources are processed and compressed and much of the original information needed to build them is lost at that point.
You'll have a tough time getting it to work properly. If things that you depend on are pure Java libraries, then if you could get them in JAR format you could depend on them from a Gradle project pretty easily. But if they're Android projects containing resources and manifest entries and such, then there isn't a compiled file format you could obtain those libraries in that would be compatible with Gradle. Gradle supports the AAR format for Android libraries, but that format is generated by Gradle and nothing else.
I have built an Android app that worked fine on Android 2.3.* and 4.0.*. However, after upgrading my device to Jelly Bean (4.1.1), I found my app does not work properly (crashes, ANRs, etc.) any more.
As a temporary workaround, I am wondering if it is possible to pack an earlier version (say Android 2.3) of the Android framework JAR into my APK and force all my code to use classes/APIs in that JAR?
I think including the JAR in my APK should be easier. But I have no idea how I could force my code to use classes/APIs in the JAR during run-time.
I know it is not a decent fix (hacking, package size, legal issue, etc.) even it will work. But I am just curious whether it is feasible.
Any suggestions or hints would be appreciated!
(Edit)
I have tried the following:
Extracted the /system/framework/framework.odex from an Android 2.3 ROM;
Deodexed it and converted it into a JAR file (say framework.jar);
I verified framework.jar and it contains the actual framework code, not stub methods;
Put framework.jar into the libs folder of my project and built out the APK;
I verified the result APK and the android framework classes are indeed included.
However, it seems my code is still using the classes/APIs of the actual version of SDK installed in the Android device. :(
(Edit)
It seems all the framework/core classes are already pre-loaded from the device (/system/framework/framework.odex) by Zygote during system boot-up time, for performance reason. So even I have included those classes in our APK, the pre-loaded ones will still be instantiated instead.
This sounds like a dead end to me... :(
As a temporary workaround, I am wondering if it is possible to pack an earlier version (say Android 2.3) of the Android framework JAR into my APK and force all my code to use classes/APIs in that JAR?
That is not possible, sorry. What you think of as "the Android framework JAR" has no code -- it is merely stub implementations of the classes and methods exposed in the Android SDK. The real Android framework resides in the firmware, and you cannot replace it.
Are the Linux capabilities (libcap.so) library available for use with Android? If not, how can I compile it?
I would like to use the capabilities-related API in sys/capabilities.h, which is included with the NDK. But when I try to call functions like cap_get_proc(), I get "undefined reference" error.
I would imagine that using this api would go way, way beyond the contract in the Android framework. It might work on some devices, but not on others.
In fact, there's no guarantee, afaik, that Android even runs under Linux. For example, the new Blackberry devices run Blackberry's proprietary OS, but still run Android apps.
Finally, the version of Linux that most Android devices run is a highly-stripped-down version. They didn't include any features that the Android API doesn't need. If Android doesn't need libcap, then it's probably not included.
Perhaps you could tell us exactly what it is you're trying to do.
Here is the link - https://github.com/scopichmu/libcap-for-Android. This is original libcap (was cloned from https://kernel.googlesource.com/pub/scm/linux/kernel/git/morgan/libcap) with supporting of android ndk build. You can build now libcap.so, setcap and getcap for android.
Lots of discussion out there on this topic... google around a bit:
http://permalink.gmane.org/gmane.comp.handhelds.android.ndk/4075
Here someone compiled it and described:
http://blog.umitproject.org/2011/05/libpcap-for-android.html
I have followed the tutorial at Scala and Android with Scala 2.7.3 final. The resulting Android App works but even the most basic application takes several minutes (!) to compile and needs 900 kb compressed, which is a show stopper for mobile applications. Additionally, the IDE runs out of memory every now and then. I assume dex is not made for big libraries like the scala-library.
So my question is: Has anyone actually done this and is there any cure for this?
I've written some basic Android applications in Scala, nothing too epic. Not being a Java programmer I was suggested to use a "treeshake", I was explained by a friend that this strips out all the unnecessary libraries from the jar files.
I have not documented it, but I found that someone else already has:
http://chneukirchen.org/blog/archive/2009/04/programming-for-android-with-scala.html
Proguard is not the only solution, you might find something that suits your work flow or is more suited for your environment.
Additionally google have just realised JACK , which deals with quite a lot of reducing build and memory times see https://source.android.com/source/jack.html
You can now use the Android plugin for Gradle to create Android applications in Scala. It incorporates the ProGuard tool to trim the fat from the resulting APK file, so seems to meet your needs.
https://github.com/jvoegele/gradle-android-plugin/wiki
There is also an plugin for the Scala-based builder sbt: sbt-android-plugin.
For tutorials and examples, see also Stéphane Micheloud's "Exploring Android" page: http://lamp.epfl.ch/~michelou/android/
I verified this detailed solution with Eclipse 3.7, Scala 2.10 and the plug-in AndroidProguardScala v50:
https://stackoverflow.com/a/11084146/1287856
Everything works fine. A simple test application with scalafied main activity class only takes 38Kb. Libraries projects are supported. Proguard is activated when exporting the project.
Developing Android apps for Scala is continuously evolving. The current best way to do it appears to SBT in conjunction with the android-sdk-plugin, which is maintained* and works well for me in my Scala/Android project. A somewhat recent example that demonstrates the use of this plugin with the already mentioned Scaloid can also be found.
Please note that this question is a typical example of a question with outdated answers on Stack Overflow. This answer will likely become outdated at some point as well.
* The other SBT based projects mentioned in this answer thread don't appear to have code being written for them in the last six months at the time of writing. They may have compatibility issues with newer versions of Scala and SBT.
If you use maven, use android-scala-test as a startup template. It works great for me out-of-the-box.
Scaloid is an Android API wrapper written in Scala that help you to write your Android program in Scala-style.
You can use the Scala on Android without SBT, it built externally by Gradle to create Android applications.
https://github.com/yareally/android-scala-intellij-no-sbt-plugin
Gradle is more native building tool for android than SBT.
There is good example of Scala client and server side solution concept, and gradle building tool as advance for IntelliJ IDEA workbench.
Big advance that core classes are common for client and server.
https://github.com/ghik/akkdroid
Good tutorial for IDEA and android-plugin:
http://fxthomas.github.io/android-plugin/
The biggest issue with Scala on Android is the compile times.
Possibly because of the Proguard class stripping compiles with IDEA13/Scala plugin on a Dual Quad Core (8-CPU) E5450 Xeon with 8GB can take two minutes or more.
I simply moved back to Java after completing a largish Scala Android project as compile times were too frustrating.