
Mobile Platform as a Service: Obfuscate Android code

Last Updated: Mar 12, 2024

Apps developed with the mPaaS Android client are compiled from Java code, which can easily be decompiled. Use Android ProGuard obfuscation files to protect the Java source code.

ProGuard is a tool that compresses, optimizes, and obfuscates Java bytecode files.

  • Compression refers to detection and removal of unused classes, fields, methods, and attributes.

  • Optimization refers to analysis and optimization of bytecode.

  • Obfuscation refers to renaming classes, variables, and methods with short, meaningless names.

Using ProGuard makes code simpler, more efficient, and more difficult to reverse engineer or hack.

Prerequisites

You have configured the mPaaS project.

About this task

For an mPaaS project that uses the component-based scheme, each Bundle is compiled into its own obfuscated dex file, so obfuscation files are configured per Bundle project. A Portal project generally contains no code, so obfuscation is not enabled for it.

Sample code

  • Gradle configuration

    android {
      compileSdkVersion 23
      buildToolsVersion "19.1.0"
    
      defaultConfig {
          applicationId "com.youedata.xionganmaster.launcher"
          minSdkVersion 15
          targetSdkVersion 23
          versionCode 1
          versionName "1.0"
      }
      buildTypes {
          release {
              // Obfuscation switch, On or Off
              minifyEnabled true
              // Specify the obfuscation rule file.
              proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
          }
      }
      lintOptions {
          checkReleaseBuilds false
          // Or, if you prefer, you can continue to check for errors in release builds,
          // but continue the build even when errors are found:
          abortOnError false
      }
    }
  • Example of an obfuscation file

    The following obfuscation file is a basic example. If you add a third-party library, you need to add its obfuscation rules as well; these are usually published on the library's website:

      # Add project specific ProGuard rules here.
      # By default, the flags in this file are appended to flags specified
      # in ${sdk.dir}/tools/proguard/proguard-android.txt
      # You can edit the include path and order by changing the proguardFiles
      # directive in build.gradle.
    
      # For more details, see "Shrink your code and resources":
      # http://developer.android.com/guide/developing/tools/proguard.html
    
      # Add any project specific keep options here:
    
      # If your project uses WebView with JS, uncomment the following
      # and specify the fully qualified class name to the JavaScript interface
      # class:
      # -keepclassmembers class fqcn.of.javascript.interface.for.webview {
      # public *;
      # }
      -optimizationpasses 5
      -dontusemixedcaseclassnames
      -dontskipnonpubliclibraryclasses
      -dontpreverify
      -verbose
      # Continue processing even when ProGuard reports warnings
      # (for example, unresolved references).
      -ignorewarnings
      -optimizations !code/simplification/arithmetic,!field/*,!class/merging/*
    
      -keep public class * extends android.app.Activity
      -keep public class * extends android.app.Application
      -keep public class * extends android.app.Service
      -keep public class * extends android.content.BroadcastReceiver
      -keep public class * extends android.content.ContentProvider
      -keep public class com.android.vending.licensing.ILicensingService
      -keep public class com.alipay.mobile.phonecashier.*
      # Keeps the original names of all public classes: they are not renamed,
      # although unused ones can still be removed.
      -keepnames public class *
      # Retains source file names and line numbers so stack traces stay readable.
      -keepattributes SourceFile,LineNumberTable
      -keepattributes *Annotation*
    
      #-keep public class * extends com.alipay.mobile.framework.LauncherApplicationAgent {
      #    *;
      #}
    
      #-keep public class * extends com.alipay.mobile.framework.LauncherActivityAgent {
      #    *;
      #}
    
      -keepclasseswithmembernames class * {
          native <methods>;
      }
    
      -keepclasseswithmembernames class * {
          public <init>(android.content.Context, android.util.AttributeSet);
      }
    
      -keepclasseswithmembernames class * {
          public <init>(android.content.Context, android.util.AttributeSet, int);
      }
    
      -keepclassmembers enum * {
          public static **[] values();
          public static ** valueOf(java.lang.String);
      }
    
      -keep class * extends java.lang.annotation.Annotation { *; }
      -keep interface * extends java.lang.annotation.Annotation { *; }
    
      -keep class * implements android.os.Parcelable {
        public static final android.os.Parcelable$Creator *;
      }
    
      -keep public class * extends android.view.View{
          !private <fields>;
          !private <methods>;
      }
    
      -keep class android.util.** {
          public <fields>;
          public <methods>;
      }
    
      -keep public class com.squareup.javapoet.** {
          !private <fields>;
          !private <methods>;
      }
      -keep public class javax.annotation.** {
          !private <fields>;
          !private <methods>;
      }
      -keep public class javax.inject.** {
          !private <fields>;
          !private <methods>;
      }
      -keep interface ** {
          !private <fields>;
          !private <methods>;
      }
      # for dagger
        -keep class * extends dagger.internal.Binding
        -keep class * extends dagger.internal.ModuleAdapter
    
        -keep class **$$ModuleAdapter
        -keep class **$$InjectAdapter
        -keep class **$$StaticInjection
    
        -keep class dagger.** { *; }
    
        -keep class javax.inject.**{ *; }
        -keep class * extends dagger.internal.Binding
        -keep class * extends dagger.internal.ModuleAdapter
        -keep class * extends dagger.internal.StaticInjection
    
      # for butterknife
        -keep class butterknife.* { *; }
        -keep class butterknife.** { *; }
        -dontwarn butterknife.internal.**
        -keep class **$$ViewBinder { *; }
    
        -keepclasseswithmembernames class * {
            @butterknife.* <fields>;
        }
    
        -keepclasseswithmembernames class * {
            @butterknife.* <methods>;
        }
Note

If the framework classes LauncherApplicationAgent and LauncherActivityAgent are defined in your Bundle project, you must configure keep (anti-obfuscation) rules for them; see the commented-out rules for these classes in the example above.

  • Avoid obfuscating general-purpose components

    If general-purpose components are registered in metainfo.xml, the compiler checks that these components exist. Do not obfuscate these components, or the compilation will fail. For example, when the following components are registered:

      <metainfo>
          <service>
              <className>com.mpaas.cq.bundleb.MyServiceImpl</className>
              <interfaceName>com.mpaas.cq.bundleb.api.MyService</interfaceName>
              <isLazy>true</isLazy>
          </service>
      </metainfo>

    In the obfuscation configuration, you need to add:

      -keep class com.mpaas.cq.bundleb.MyServiceImpl
      -keep class com.mpaas.cq.bundleb.api.MyService
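
    An added example, not part of the original mPaaS documentation: a Python check that reads the components registered in metainfo.xml and reports the ones that no active -keep rule covers, so the gap is found before the release build fails. The sample inputs are constructed and the function names are hypothetical. The check is deliberately conservative: it honours only unconditional "-keep class" rules and ignores commented-out rules, -keepnames, and rules qualified with extends or implements.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the page's metainfo.xml and rule file.
METAINFO = """<metainfo>
  <service>
    <className>com.mpaas.cq.bundleb.MyServiceImpl</className>
    <interfaceName>com.mpaas.cq.bundleb.api.MyService</interfaceName>
    <isLazy>true</isLazy>
  </service>
</metainfo>"""
RULES = """
-keep public class * extends android.app.Activity
#-keep class com.mpaas.cq.bundleb.MyServiceImpl
-keep class com.mpaas.cq.bundleb.api.** { *; }
"""

def registered_classes(metainfo_xml):
    """Return every className / interfaceName registered in metainfo.xml."""
    root = ET.fromstring(metainfo_xml)
    return {el.text.strip() for el in root.iter()
            if el.tag in ("className", "interfaceName") and el.text}

def _to_regex(pattern):
    """Translate ProGuard class wildcards: '**' crosses packages, '*' does not."""
    if pattern == "*":  # a bare '*' class name means any class in any package
        pattern = "**"
    out = re.escape(pattern).replace(r"\*\*", ".*").replace(r"\*", "[^.]*")
    return re.compile(out + r"\Z")

def keep_patterns(rules_text):
    """Return regexes for classes named by active, unconditional -keep rules."""
    rule = re.compile(r"-keep\s+(?:public\s+)?class\s+([\w.$*]+)\s*(?:\{.*)?$")
    patterns = []
    for line in rules_text.splitlines():
        line = line.split("#", 1)[0].strip()  # commented-out rules do not count
        m = rule.match(line)  # skips -keepnames and extends/implements rules
        if m:
            patterns.append(_to_regex(m.group(1)))
    return patterns

def missing_keep_rules(metainfo_xml, rules_text):
    """Return registered classes that no active -keep rule covers, sorted."""
    patterns = keep_patterns(rules_text)
    return sorted(name for name in registered_classes(metainfo_xml)
                  if not any(p.match(name) for p in patterns))

if __name__ == "__main__":
    for name in missing_keep_rules(METAINFO, RULES):
        print("-keep class " + name)  # rule to add to the Bundle's rule file
```

    Run against a Bundle's real metainfo.xml and proguard-rules.pro, each printed line is a rule to add to that Bundle's obfuscation file.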