/ Security Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Enabling ProGuard for Android

DZone's Guide to

Enabling ProGuard for Android

ProGuard helps obfuscate Android code, but it also provides several ways to improve the speed of your app. Learn how to enable it here.

by
·
Feb. 07, 17 · Security Zone ·
Free Resource

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Do you know who is accessing your valuable data through your APIs? Discover how

Enabling ProGuard in Android Studio is a really easy task, but I am getting this question frequently on StackOverflow, which motivated me to write this simple article.

Here is the question on StackOverflow. I have already provided my answer here, but now I want to explore what ProGuard is and how to enable it.

What is ProGuard?

Ref - Wikipedia:

ProGuard is an open source command-line tool that shrinks, optimizes and obfuscates Java code. It is able to optimize bytecode as well as detect and remove unused instructions. ProGuard is open source software.

Proguard was developed by Eric P.F. Lafortune.

As per the definition, proguard will help you to not only obfuscate, but also optimize, shrink, and remove unused instructions as well.

I've asked many why they want to apply ProGuard to their projects, and I only encounter one answer, "we use it only for security purposes". This will not provide just security to your code. 

Features of ProGuard

  1. ProGuard also optimizes the bytecode, removes unused code instructions, and obfuscates the remaining classes, fields, and methods with short names.
  2. The obfuscated code makes your APK difficult to reverse engineer, which is especially valuable when your app uses security-sensitive features, such as licensing verification.

Enabling ProGuard in Android Studio

Below is a sample of how to enable default ProGuard in Android Studio.

  1. Go to the build.gradle file of app
  2. Enable the proguard minifyEnabled true
  3. Enable shrinkResources true to reduce the APK size by shrinking resources.
  4. proguardFiles getDefaultProguardFile('proguard-android.txt') to enable the default one. If you want to use your own proguard file then use the below rules.
buildTypes {  
  release {  
    debuggable false        
    minifyEnabled true        
    shrinkResources true      
    proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'   
  }    
  debug { 
    debuggable true   
    minifyEnabled true       
    shrinkResources true       
    proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'   
  }
}

The link contains ProGuard settings for Android and other library settings:

Start a free self-guided trial to discover how API Security is done through a true Zero Trust approach.

Like This Article? Read More From DZone

Report: Top Android Security Problems in 2017
Android WebView: Secure Coding Practices
Balancing Android Openness With Mobile Security

Free DZone Refcard

Java Application Vulnerabilities
DOWNLOAD
Topics:
android ,mobile ,security ,obfuscation

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Security Partner Resources

Discover how to deploy pre-built sample microservices OR create simple microservices from scratch.
Ponemon Institute 2018 Artificial Intelligence (AI) in Cyber-Security Study
Lightweight plugin for Java and .NET to apply current and historical virtual patches, Critical Patch Updates (CPUs).
Case Study: Virtual Patching While Under Attack
Modern Cloud Architectures And The Use Of Microservices
Intelligent Finding Analytics: Your Cognitive Computing Application Security Expert
Find out how using compiler techniques means 100% Accuracy against common attacks and zero days.
Rapidly detect security vulnerabilities in your web, mobile and desktop applications
Eliminate vulnerabilities from applications before they are placed into production and deployed

Security Partner Resources

Discover how to deploy pre-built sample microservices OR create simple microservices from scratch.
Ponemon Institute 2018 Artificial Intelligence (AI) in Cyber-Security Study
Lightweight plugin for Java and .NET to apply current and historical virtual patches, Critical Patch Updates (CPUs).
Case Study: Virtual Patching While Under Attack

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone