Using Proguard in Android Application

 

Proguard is an optimizer for java bytecode. It detects and removes unused code from app and included libraries, also optimizes the bytecode. Proguard obfuscate code makes difficult to reverse engineer.

Proguard is a valuable tool for working around the 64k reference limit. Resource shrinking also works well in conjunction with code shrinking.

To enable code shrinking add minifyEnabled true to the release build type in build.gradle file.

Add custom proguard rules in proguard-rules.pro i.e. next to build.gradle file. Following common lines used in proguard-rules.pro file:-

To keeping source file and line number to view crash logs in crashlytics (Fabrics or Firebase)

Rename attributes to make it difficult for reverse engineering the file and package name.

For Jackson library add following lines:-

Also remove network model classes and methods from obfuscation as these class and method names are used by Jackson library for JSON parsing

For Facebook Library

Similarly for other libraries/sdk, we can check documentation for proguard setting and add these in our proguard-rules.pro file.

Decode obfuscated stack trace: Proguard creates a mapping.txt in the app /build/outputs/mapping/release/ directory. This mapping file is required to convert obfuscated stack trace to readable format. On Windows we can use retrace.bat for conversion to readable format (retrace.sh on Mac/Linux).

It is important to keep this mapping.txt file whenever we release build on play store. Firebase crash reporting also use this file to convert obfuscated stack trace into readable text.

Leave a Reply