/ Security Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Enabling ProGuard for Android

DZone's Guide to

Enabling ProGuard for Android

ProGuard helps obfuscate Android code, but it also provides several ways to improve the speed of your app. Learn how to enable it here.

by
·
Feb. 07, 17 · Security Zone ·
Free Resource

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Mobile is increasingly becoming a part of every consumers’ identity, but the increasing use of this digital channel is escalating the security risks faced by consumers and institutions.

Enabling ProGuard in Android Studio is a really easy task, but I am getting this question frequently on StackOverflow, which motivated me to write this simple article.

Here is the question on StackOverflow. I have already provided my answer here, but now I want to explore what ProGuard is and how to enable it.

What is ProGuard?

Ref - Wikipedia:

ProGuard is an open source command-line tool that shrinks, optimizes and obfuscates Java code. It is able to optimize bytecode as well as detect and remove unused instructions. ProGuard is open source software.

Proguard was developed by Eric P.F. Lafortune.

As per the definition, proguard will help you to not only obfuscate, but also optimize, shrink, and remove unused instructions as well.

I've asked many why they want to apply ProGuard to their projects, and I only encounter one answer, "we use it only for security purposes". This will not provide just security to your code. 

Features of ProGuard

  1. ProGuard also optimizes the bytecode, removes unused code instructions, and obfuscates the remaining classes, fields, and methods with short names.
  2. The obfuscated code makes your APK difficult to reverse engineer, which is especially valuable when your app uses security-sensitive features, such as licensing verification.

Enabling ProGuard in Android Studio

Below is a sample of how to enable default ProGuard in Android Studio.

  1. Go to the build.gradle file of app
  2. Enable the proguard minifyEnabled true
  3. Enable shrinkResources true to reduce the APK size by shrinking resources.
  4. proguardFiles getDefaultProguardFile('proguard-android.txt') to enable the default one. If you want to use your own proguard file then use the below rules.
buildTypes {  
  release {  
    debuggable false        
    minifyEnabled true        
    shrinkResources true      
    proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'   
  }    
  debug { 
    debuggable true   
    minifyEnabled true       
    shrinkResources true       
    proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'   
  }
}

The link contains ProGuard settings for Android and other library settings:

Explore the authentication advancements that are designed to secure accounts and payments—without overburdening consumers with a friction-laden experience.

Like This Article? Read More From DZone

Report: Top Android Security Problems in 2017
Android WebView: Secure Coding Practices
Balancing Android Openness With Mobile Security

Free DZone Refcard

REST API Security
DOWNLOAD
Topics:
android ,mobile ,security ,obfuscation

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Security Partner Resources

Five Steps to Achieve Risk-based Application Security Management: Updated Second Edition
Learn how to Patch faster than attackers can find you
Eliminate vulnerabilities from applications before they are placed into production and deployed
Securing Payments and Earning Trust in a Mobile Financial World
Find out how to Secure your applications with Point and Click protection.
Intelligent Finding Analytics: Your Cognitive Computing Application Security Expert
What is the Deserialization vulnerability and what are the challenges in providing a solution
Rapidly detect security vulnerabilities in your web, mobile and desktop applications

Security Partner Resources

Five Steps to Achieve Risk-based Application Security Management: Updated Second Edition
Learn how to Patch faster than attackers can find you
Eliminate vulnerabilities from applications before they are placed into production and deployed
Securing Payments and Earning Trust in a Mobile Financial World

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone