How to Add Code Obfuscation for My Android Application

How to add Code Obfuscation for my android application

Use the below code to get your solution.

android {
    buildTypes {
            debug {
                minifyEnabled false
                proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
                zipAlignEnabled true
                shrinkResources false
            }
            release {
                debuggable false
                // Enables code shrinking, obfuscation, and optimization for only
                // your project's release build type.
                minifyEnabled true

                // Includes the default ProGuard rules files that are packaged with
                // the Android Gradle plugin. To learn more, go to the section about
                // R8 configuration files.
                proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'

                zipAlignEnabled true

                // Enables resource shrinking, which is performed by the
                // Android Gradle plugin.
                shrinkResources true
            }
        }
     }

TODO update proguard

#Specifies not to ignore non-public library classes.
-dontskipnonpubliclibraryclasses

#Specifies not to ignore package visible library class members
-dontskipnonpubliclibraryclassmembers

-optimizationpasses 5
#Specifies that the access modifiers of classes and class members may have become broad during processing. This can improve the results of the optimization step.
-allowaccessmodification
#Specifies that interfaces may be merged, even if their implementing classes don't implement all interface methods. This can reduce the size of the output by reducing the total number of classes.
-mergeinterfacesaggressively

#Specifies to apply aggressive overloading while obfuscating. Multiple fields and methods can then get the same names, This option can make the processed code even smaller
#-overloadaggressively

#Specifies to repackage all packages that are renamed, by moving them into the single given parent package
-flattenpackagehierarchy

#Specifies to repackage all class files that are renamed, by moving them into the single given package. Without argument or with an empty string (''), the package is removed completely.
-repackageclasses

#For example, if your code contains a large number of hard-coded strings that refer to classes, and you prefer not to keep their names, you may want to use this option
-adaptclassstrings
#Specifies the resource files to be renamed, all resource files that correspond to class files are renamed
-adaptresourcefilenames

#Specifies the resource files whose contents are to be updated. Any class names mentioned in the resource files are renamed
-adaptresourcefilecontents

#Specifies not to verify the processed class files.
#-dontpreverify

-verbose

#Specifies to print any warnings about unresolved references and other important problems, but to continue processing in any case.
-ignorewarnings

# ADDED
#-dontobfuscate
#-useuniqueclassmembernames

# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations
-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

-assumenosideeffects class android.util.Log {
    public static boolean isLoggable(java.lang.String, int);
    public static *** d(...);
    public static *** v(...);
    public static *** i(...);
    public static *** w(...);
    public static *** e(...);
}

Obfuscation in Android Studio

• Basic Obfuscation

To obfuscate code in Android studio just go to your build.gradle file in your Android Studio project:

Change the minifyEnabled property from false to true

This is a basic Obfuscation.

After generating the apk you can see the obfuscation result by decompiling the apk with any software. This page could help you:

http://www.decompileandroid.com/

In the obfuscation result you will see classes with name: a,b,c....

And the obfuscation variables and methods will have also names like aa,c,ac...

• Normal obfuscation:

To obfuscate the code in a more complex form you could go to your root directory app and create a .pro file. For example in the following picture I have created the file: proguard-rules-new.pro. In the same directory you should see a file called proguard-rules.pro

Now add the file you have created to the build.gradle file

And edit the .pro file you have create with your own custom proguard rules

Obfuscate code not working in android

it seems you are not enable progurad enable it by add this to your app build.gradle

buildTypes {
        release {
            debuggable false
            minifyEnabled true
            shrinkResources true
            useProguard true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
            signingConfig signingConfigs.release
        }
    }

how to obfuscate android apk

Open proguard-rules.pro for editing and add this:

# Uncomment this to preserve the line number information for
# debugging stack traces.
-keepattributes SourceFile,LineNumberTable

# If you keep the line number information, uncomment this to
# hide the original source file name.
-renamesourcefileattribute SourceFile

This will rename all of the classes to an unreadable format.

How to enable ProGuard obfuscation in Android Studio?

I figured out the problem:

Open up the proguard-rules.pro for your project and add this to the bottom:

-dontwarn java.nio.file.Files
-dontwarn java.nio.file.Path
-dontwarn java.nio.file.OpenOption
-dontwarn org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement

Basically how I solved it was this I tried to run my app in 'release' mode and got a bunch of errors similar to this guy here: https://github.com/square/okio/issues/144

I pretty much followed what he said and fixed it.

Hope this can help others with generating their APK's!

visit more detail here :

Error:Execution failed for task ':app:packageRelease'. > Unable to compute hash of /../AndroidStudioProjects/../classes.jar

Enabling ProGuard and code minification and obfuscation

When missing classes are reported at runtime for a build using R8, usually the issue it that some of the code use reflection in a way such that R8 cannot determine that a class is used by the application.

Sometimes this reflection can be in a library that the app does not have control over, and where the code is unknown. One way of moving forward in such a case is to add a -keep rule on the missing class keeping all members, and continue to do so until the app can run.

In the concrete case for this question the konsume-xml library was missing a few classes javax.xml.stream.FactoryFinder and com.bea.xml.stream.MXParserFactory at runtime, and the following rules brought them back:

-keep class javax.xml.stream.FactoryFinder {
  *;
}
-keep class com.bea.xml.stream.MXParserFactory {
  *;
}

Note, that this approach is no silver bullet, and in many cases actual knowledge about the reflection used in the library will be required.

In all circumstances, when issues like this happen it is always a good idea to reach out to the library developer so they can add these rules to their library. The library developer might also be able to make the rules more precise based on their knowledge on the actual use of reflection in the library. This issue was opened as a result of this question.

---

Related Topics