
Android ProGuard Tips



So we all use ProGuard for our release builds, because it’s enabled by default, but what is it and how does it work? Let’s look at the core principles and one of the most common customizations of rules.

Basics

At its core, ProGuard reduces the size of the APK and makes it harder to reverse engineer your APK, using three steps: shrinking, optimizing and obfuscating. You enable ProGuard with these lines

 

As you can see, proguardFiles lists two files. One is the default and the other one is in our project. We add our own ProGuard rules to the project’s file. But let’s see what is enabled by default in the proguard-android.txt file.

You can open that file in your Android SDK folder at tools/proguard/proguard-android.txt. It has some rules; if you want to read more details about them, you can get them here

Shrinking

The first step is shrinking: ProGuard removes classes, methods and fields that it thinks are not being used. This can cause some issues, which is why we have a keep rule, so that ProGuard doesn’t touch them.

Optimization

This one is very interesting: it actually goes through the code, removes unused if/else, improves algorithms and removes recursion. But it’s not enabled by default; to enable it, use proguard-android-optimize.txt

You can check this file in the same SDK/tools/proguard directory.

One of the best use cases for optimization is removing logging. What I quite often see is logging wrapped in this if statement

It is sooo annoying to see that. Can you imagine writing your logging like that? Well, with ProGuard you don’t need to worry about your logs ending up in release builds. What you first need is to use the proguard-android-optimize.txt file as the default rules and add these lines to your proguard-rules.pro

Just rebuild your project, create a signed release APK and it won’t have any logging.

How To Check That

If you really want to check for yourself, you can download the dex2jar library. Extract it and run this command

If you get permission denied, run this command first and then retry

After that you’ll get an output_jar.jar file. Now download this program and open your output_jar.jar file with it. You’ll be able to go through the decompiled release APK code. If you see a flaw here, then keep reading
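One way to automate the check described above, as an added example that is not part of the original post: disassemble the classes from output_jar.jar with `javap` (shipped with the JDK) and count the `android.util.Log` calls that remain, per method. The function names, the extracted-classes directory and the sample disassembly lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: count android.util.Log calls that survive in a release build.
# Input is `javap -c -p` disassembly of the classes inside output_jar.jar.

# Constructed sample of javap output (not taken from a real APK).
SAMPLE_DISASSEMBLY='   3: invokestatic  #4   // Method android/util/Log.d:(Ljava/lang/String;Ljava/lang/String;)I
  12: invokestatic  #9   // Method android/util/Log.e:(Ljava/lang/String;Ljava/lang/String;)I
  20: invokestatic  #4   // Method android/util/Log.d:(Ljava/lang/String;Ljava/lang/String;)I
  25: invokevirtual #11  // Method java/lang/StringBuilder.toString:()Ljava/lang/String;'

# Reads disassembly on stdin, prints one "<method> <count>" line per Log method.
count_log_calls() {
    { grep -o 'Method android/util/Log\.[A-Za-z]*:' || true; } |
        sed -e 's|^Method android/util/Log\.||' -e 's|:$||' |
        sort | uniq -c | awk '{ print $2, $1 }'
}

# Reads disassembly on stdin; returns 0 only if none of the named Log methods
# remain. Usage: assert_levels_stripped v d i < disassembly.txt
assert_levels_stripped() {
    found=$(count_log_calls)
    rc=0
    for level in "$@"; do
        if printf '%s\n' "$found" | grep -q "^$level "; then
            echo "Log.$level is still called in this build" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Disassembles every class under a directory (needs javap from a JDK).
# The directory is hypothetical, e.g. the result of: unzip output_jar.jar -d classes
disassemble_classes() {
    find "$1" -name '*.class' -exec javap -c -p {} +
}

# Demo on the constructed sample: prints "d 2" and "e 1".
printf '%s\n' "$SAMPLE_DISASSEMBLY" | count_log_calls
```

On a real build, pipe `disassemble_classes classes` into `assert_levels_stripped v d i` and fail the release job on a non-zero exit. Removing a call does not necessarily remove the code that built its message argument, so strings concatenated for a log line can still show up in the disassembly.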

Obfuscation

What those two programs allow you to do is download any APK out there, go through the source code and just copy it into your app. Here comes obfuscation: it makes class, method and field names meaningless by renaming them to short random letters. If you had a class called Registration, it’s gonna be C3 in there. And variable names are super vital for understanding what’s going on.

In fact, you can spend days or more understanding the actual source code even without obfuscation, never mind with it.

Shrinking Resources

There’s a way to remove unused resources as well: just add this line alongside minifyEnabled

This won’t go through the values folder and it definitely won’t remove unused strings, so the lint analyser still rules.

 

That’s it for now. If you want to read more about ProGuard rules, check this site.


  • mina shaker

    Excellent, thanks

  • Zaphod Beeblebroks

    How can we keep one specific method of one specific class. Let’s say Objector class has convert method with signature: public T convert(String string, Class object) ?