Android Proguard

There’s been a recent increase in popularity of Internet of Things, DIY boards and entry-level devices. The consequence has been a step back from writing large apps in favor of smaller ones. ProGuard is here to help keep apps as small as can be.

Smaller apps download, install and run faster. This is important for the business. The more time spent onboarding, the higher the chance the user is going to abandon your app and try something else.

What is Proguard?

Proguard is a free Java class file shrinker, optimizer, obfuscator, and verifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names.

  1. Code shrinking — detects and removes unused classes, fields, methods, and attributes. For example, if you use only a few APIs of a library dependency, shrinking can identify library code that your app is not using and remove only that code from your app. To learn more, go to the section about how to shrink your code.
  2. Resource shrinking — removes unused resources from your packaged app, including unused resources in your app’s library dependencies. It works in conjunction with code shrinking such that once unused code has been removed, any resources no longer referenced can be safely removed as well. To learn more, go to the section about how to shrink your resources.
  3. Optimization — analyzes and optimizes the bytecode of the methods. inspects and rewrites your code to further reduce the size of your app’s DEX files. For example, if R8 detects that the else {} branch for a given if/else statement is never taken, R8 removes the code for the else {} branch. To learn more, go to the section about code optimization.
  4. 4. Obfuscation — renames the remaining classes, fields, and methods using short meaningless names. shortens the name of classes and members, which results in reduced DEX file sizes. To learn more, go to the section about how to obfuscate your code.

Why Proguard for Android?

Android Applications are quite easy to reverse engineer, so if you want to prevent this from happening, you should use Proguard for its main function: Obfuscation. The other two important functions of Proguard are Shrinking and Optimization. Shrinking eliminates unused codes and it is highly useful. Optimization operates with java bytecode, though, since Android runs on special bytecode which is converted from java bytecode some optimizations won’t work well.

Proguard Benefits

Proguard obfuscates your code by removing unused code and renaming classes, fields, and methods with semantically obscure names which make the code base, smaller and more efficient. The result is a smaller sized .apk file that is more difficult to reverse engineer.

Enabling ProGuard in Android Studio

Below is a sample of how to enable default ProGuard in Android Studio.

  1. Proguard is integrated into the Android build system.
  2. Proguard runs only when you build your application in release mode.
  3. Having Proguard run is completely optional, but highly recommended.
  4. Go to the build.gradle file of the app
  5. Enable the proguard minifyEnabled true
  6. Enable shrinkResources true to reduce the APK size by shrinking resources.
  7. proguardFiles getDefaultProguardFile('proguard-android.txt') to enable the default one. If you want to use your own proguard file then use the below rules.
buildTypes {release {debuggable falseminifyEnabled trueshrinkResources trueproguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'}debug {debuggable trueminifyEnabled trueshrinkResources trueproguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'}}

8. Android Studio adds proguard-rules.pro file at the root of the module, which helps to add custom Proguard rules.

Drawbacks

1. Potential misconfiguration causes the app to get a crash.

2. Additional testing is required

3. Stacktraces are difficult to read with obfuscated method names.

4. ClassNotFoundExceptions, which happens when Proguard strips away an entire class that application calls.

Reminder

So, now let’s look at the important points that should be considered while applying the Proguard in your application.

  • Do not forget to add the Proguard rules in proguard-rules.pro file for any library that you have included in your project.

Let say you are using ABCD library, you will have to add the following rule

-dontwarn abcd.**
  • Add the rule for the classes on which you do not want to apply Proguard using keep class.

Let say you do not want to obfuscate the class Sample.java, then you have to add the following rule:

-keep class com.example.budh**
  • Do not use something like AwesomeFragment.class.getSimpleName() as a fragment TAG. Proguard may assign the same name (A.class) to two different fragments in different packages while obfuscating. In this case, two fragments will have the same TAG. It will lead to the bug in your application.
  • Keep your mapping file of the Proguard to trace back to the original code. You may have to upload it at different places like PlayStore Console for seeing the original stack-trace of the crashes.

If you still have some doubts about the proguard in android, please leave a comment. I will be happy to discuss this with you.

Thanks for the support!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store