All Products
Search
Document Center

Obfuscate Android codes

Last Updated: Mar 10, 2021

Apps developed on mPaaS Android clients are compiled using Java codes which may easily be decompiled. Therefore, we need to use Android ProGuard obfuscation files to protect Java source codes.

ProGuard is a tool used to compress, optimize, and obfuscate Java bytecode files.

  • Compression refers to detection and removal of unused classes, fields, methods, and attributes.
  • Optimization refers to analysis and optimization of bytecode.
  • Obfuscation refers to the use of meaningless short variables to rename classes, variables, and methods.

The use of ProGuard makes code simpler, more efficient, and more difficult to be reversely engineered or hacked.

Prerequisites

You have configured the mPaaS project.

About this task

For the mPaaS project using the component-based scheme, each Bundle will be compiled to generate an obfuscated dex file. Therefore, obfuscation files are configured on the Bundle project basis. A Portal project generally has no code and thus obfuscation will not be enabled.

Sample code

  • Gradle configuration

       
    1. android {
    2. compileSdkVersion 23
    3. buildToolsVersion "19.1.0"
    4. defaultConfig {
    5. applicationId "com.youedata.xionganmaster.launcher"
    6. minSdkVersion 15
    7. targetSdkVersion 23
    8. versionCode 1
    9. versionName "1.0"
    10. }
    11. buildTypes {
    12. release {
    13. // Obfuscation switch, On or Off
    14. minifyEnabled true
    15. // Specify the obfuscation rule file.
    16. proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
    17. }
    18. }
    19. lintOptions {
    20. checkReleaseBuilds false
    21. // Or, if you prefer, you can continue to check for errors in release builds,
    22. // but continue the build even when errors are found:
    23. abortOnError false
    24. }
    25. }
  • Example of an obfuscation file

    The following obfuscation is a basic example (To add an additional third party library, you need to add another obfuscation. Usually the configuration files can be found on the third party library’s website) :

       
    1. # Add project specific ProGuard rules here.
    2. # By default, the flags in this file are appended to flags specified
    3. # in ${sdk.dir}/tools/proguard/proguard-android.txt
    4. # You can edit the include path and order by changing the proguardFiles
    5. # directive in build.gradle.
    6. # For more details, see [Shrink your code and resources](http://developer.android.com/guide/developing/tools/proguard.html).
    7. # Add any project specific keep options here:
    8. # If your project uses WebView with JS, uncomment the following
    9. # and specify the fully qualified class name to the JavaScript interface
    10. # class:
    11. # -keepclassmembers class fqcn.of.javascript.interface.for.webview {
    12. # public *;
    13. # }
    14. -optimizationpasses 5
    15. -dontusemixedcaseclassnames
    16. -dontskipnonpubliclibraryclasses
    17. -dontpreverify
    18. -verbose
    19. -ignorewarnings
    20. -optimizations !code/simplification/arithmetic,!field/*,!class/merging/*
    21. -keep public class * extends android.app.Activity
    22. -keep public class * extends android.app.Application
    23. -keep public class * extends android.app.Service
    24. -keep public class * extends android.content.BroadcastReceiver
    25. -keep public class * extends android.content.ContentProvider
    26. -keep public class com.android.vending.licensing.ILicensingService
    27. -keep public class com.alipay.mobile.phonecashier.*
    28. -keepnames public class *
    29. -keepattributes SourceFile,LineNumberTable
    30. -keepattributes *Annotation*
    31. #-keep public class * extends com.alipay.mobile.framework.LauncherApplicationAgent {
    32. # *;
    33. #}
    34. #-keep public class * extends com.alipay.mobile.framework.LauncherActivityAgent {
    35. # *;
    36. #}
    37. -keepclasseswithmembernames class * {
    38. native <methods>;
    39. }
    40. -keepclasseswithmembernames class * {
    41. public <init>(android.content.Context, android.util.AttributeSet);
    42. }
    43. -keepclasseswithmembernames class * {
    44. public <init>(android.content.Context, android.util.AttributeSet, int);
    45. }
    46. -keepclassmembers enum * {
    47. public static **[] values();
    48. public static ** valueOf(java.lang.String);
    49. }
    50. -keep class * extends java.lang.annotation.Annotation { *; }
    51. -keep interface * extends java.lang.annotation.Annotation { *; }
    52. -keep class * implements android.os.Parcelable {
    53. public static final android.os.Parcelable$Creator *;
    54. }
    55. -keep public class * extends android.view.View{
    56. !private <fields>;
    57. !private <methods>;
    58. }
    59. -keep class android.util.**{
    60. public <fields>;
    61. public <methods>;
    62. }
    63. -keep public class com.squareup.javapoet.**{
    64. !private <fields>;
    65. !private <methods>;
    66. }
    67. -keep public class javax.annotation.**{
    68. !private <fields>;
    69. !private <methods>;
    70. }
    71. -keep public class javax.inject.**{
    72. !private <fields>;
    73. !private <methods>;
    74. }
    75. -keep interface **{
    76. !private <fields>;
    77. !private <methods>;
    78. }
    79. # for dagger
    80. -keep class * extends dagger.internal.Binding
    81. -keep class * extends dagger.internal.ModuleAdapter
    82. -keep class **$$ModuleAdapter
    83. -keep class **$$InjectAdapter
    84. -keep class **$$StaticInjection
    85. -keep class dagger.** { *; }
    86. -keep class javax.inject.**{ *; }
    87. -keep class * extends dagger.internal.Binding
    88. -keep class * extends dagger.internal.ModuleAdapter
    89. -keep class * extends dagger.internal.StaticInjection
    90. # for butterknife
    91. -keep class butterknife.* { *; }
    92. -keep class butterknife.** { *; }
    93. -dontwarn butterknife.internal.**
    94. -keep class **$$ViewBinder { *; }
    95. -keepclasseswithmembernames class * {
    96. @butterknife.* <fields>;
    97. }
    98. -keepclasseswithmembernames class * {
    99. @butterknife.* <methods>;
    100. }
Notes:If the framework classes ‘LauncherApplicationAgent’ and ‘LauncherActivityAgent’ are defined in your Bundle project, the anti-obfuscation settings must be configured.
  • Avoid obfuscating general-purpose components

    If General-purpose components are registered to metainfo.xml, the compiler will check the presence of these components. Please avoid obfuscating these components, or the compilation will fail. For example, when the following components are registered:

       
    1. <metainfo>
    2. <service>
    3. <className>com.mpaas.cq.bundleb.MyServiceImpl</className>
    4. <interfaceName>com.mpaas.cq.bundleb.api.MyService</interfaceName>
    5. <isLazy>true</isLazy>
    6. </service>
    7. </metainfo>

    In the obfuscation configuration, you need to add:

       
    1. -keep class com.mpaas.cq.bundleb.MyServiceImpl
    2. -keep class com.mpaas.cq.bundleb.api.MyService

    ProGuard Help Manual