Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Enabling ProGuard for Android

DZone's Guide to

Enabling ProGuard for Android

ProGuard helps obfuscate Android code, but it also provides several ways to improve the speed of your app. Learn how to enable it here.

· Security Zone
Free Resource

Address your unique security needs at every stage of the software development life cycle. Brought to you in partnership with Synopsys.

Enabling ProGuard in Android Studio is a really easy task, but I am getting this question frequently on StackOverflow, which motivated me to write this simple article.

Here is the question on StackOverflow. I have already provided my answer here, but now I want to explore what ProGuard is and how to enable it.

What is ProGuard?

Ref - Wikipedia:

ProGuard is an open source command-line tool that shrinks, optimizes and obfuscates Java code. It is able to optimize bytecode as well as detect and remove unused instructions. ProGuard is open source software.

Proguard was developed by Eric P.F. Lafortune.

As per the definition, proguard will help you to not only obfuscate, but also optimize, shrink, and remove unused instructions as well.

I've asked many why they want to apply ProGuard to their projects, and I only encounter one answer, "we use it only for security purposes". This will not provide just security to your code. 

Features of ProGuard

  1. ProGuard also optimizes the bytecode, removes unused code instructions, and obfuscates the remaining classes, fields, and methods with short names.
  2. The obfuscated code makes your APK difficult to reverse engineer, which is especially valuable when your app uses security-sensitive features, such as licensing verification.

Enabling ProGuard in Android Studio

Below is a sample of how to enable default ProGuard in Android Studio.

  1. Go to the build.gradle file of app
  2. Enable the proguard minifyEnabled true
  3. Enable shrinkResources true to reduce the APK size by shrinking resources.
  4. proguardFiles getDefaultProguardFile('proguard-android.txt') to enable the default one. If you want to use your own proguard file then use the below rules.
buildTypes {  
  release {  
    debuggable false        
    minifyEnabled true        
    shrinkResources true      
    proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'   
  }    
  debug { 
    debuggable true   
    minifyEnabled true       
    shrinkResources true       
    proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'   
  }
}

The link contains ProGuard settings for Android and other library settings:

Find out how Synopsys can help you build security and quality into your SDLC and supply chain. We offer application testing and remediation expertise, guidance for structuring a software security initiative, training, and professional services for a proactive approach to application security.

Topics:
android ,mobile ,security ,obfuscation

Published at DZone with permission of Maheshwar Ligade. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}