ProGuard: Secure Your APK from Reverse Engineering in Android

The following description is from http://proguard.sourceforge.net, the creators of ProGuard.

ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names.

[Figure: APK signing flow]

  1. Shrinker: removes all the classes and methods that you do not use, both from the classes you developed and from the libraries you have used.
  2. Optimizer: improves the performance and size of your application.
  3. Obfuscator: renames all classes, methods and object names and jumbles them. This makes your application harder to reverse engineer.

So now you have an idea of what ProGuard does. But how can we use it in an Android application?

The answer is:

ProGuard is integrated into the Android build system, so you do not need to obtain its libraries and run them manually. ProGuard does not run on every build: it runs and performs its task only when you build your application for release.

Step 1: Use ProGuard in Android Application

To enable ProGuard, open your “/project.properties” file. It will look like the one below.

You can see the WARNING at the beginning, but you can ignore it. Now go to the 3rd line from the bottom. It says

So what you need to do is uncomment the line immediately below it. This will enable ProGuard in your application.

Step 2: Release Build

After completing Step 1, you can release your build. To do that:

Right Click your Project -> Export -> Export Android Application -> Perform Next Step

And follow the steps.

If your application compiled and built successfully, you will see a directory named “ProGuard” added to your project. It contains the following files.

  1. dump.txt: describes the internal structure of all the class files in the .apk file.
  2. mapping.txt: lists the mapping between the original and obfuscated class, method and object names.
  3. seeds.txt: lists the classes and members that are not obfuscated.
  4. usage.txt: lists the code that was stripped from the .apk.
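How the mapping.txt file from the list above is used in practice, as an added example that is not part of the original article: a short Python parser that reads the mapping and restores the original class and method names in a stack-trace frame from an obfuscated build. The sample mapping, the com.example.app names and the function names are constructed for illustration.

```python
import re

# Constructed sample in the mapping.txt layout: "original -> obfuscated:" for a
# class, then indented member lines (methods may carry a "from:to:" line range).
SAMPLE_MAPPING = """\
com.example.app.LoginActivity -> com.example.app.a:
    java.lang.String token -> a
    12:15:void checkPin(java.lang.String) -> a
    20:22:boolean isRooted() -> b
com.example.app.net.ApiClient -> com.example.app.b:
    void send(byte[]) -> a
"""

CLASS_RE = re.compile(r"^(\S+) -> (\S+):$")
METHOD_RE = re.compile(r"^\s+(?:\d+:\d+:)?\S+ (\S+)\(.*\)\S* -> (\S+)$")
FRAME_RE = re.compile(r"^(\s*at )([\w.$]+)\.([\w$<>]+)(\(.*\))$")


def parse_mapping(text):
    """Return {obfuscated_class: (original_class, {obf_method: [originals]})}."""
    classes, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = {}
            classes[m.group(2)] = (m.group(1), current)
            continue
        m = METHOD_RE.match(line)  # field lines have no "(...)" and are skipped
        if m and current is not None:
            names = current.setdefault(m.group(2), [])
            if m.group(1) not in names:
                names.append(m.group(1))
    return classes


def retrace_frame(frame, classes):
    """Rewrite one 'at pkg.Class.method(...)' frame; unknown frames pass through."""
    m = FRAME_RE.match(frame)
    if not m or m.group(2) not in classes:
        return frame
    original_class, methods = classes[m.group(2)]
    # Overloads can share one short name, so list every candidate.
    method = "|".join(methods.get(m.group(3), [m.group(3)]))
    return f"{m.group(1)}{original_class}.{method}{m.group(4)}"


if __name__ == "__main__":
    table = parse_mapping(SAMPLE_MAPPING)
    print(retrace_frame("    at com.example.app.a.a(Unknown Source)", table))
```

Because mapping.txt reverses the renaming, archive it with each release for reading crash reports and do not ship it with the APK.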

Step 3: If ProGuard reports warnings and returns 0

This step is optional if you did not get any errors from ProGuard. But if you find error messages in the console regarding your library classes, you need to follow this step.

Open “/proguard-project.txt”.

Then, at the bottom of the file, write the following line

What does this define? If you get a warning like twitter4j.internal.logging.XYZ class not referenced, you need to use the parent package name to stop the warning from the build.

Summary

In this article, we learned what ProGuard is and how it helps protect our application from reverse engineering.

  • What’s up to every one, because I am truly eager of reading this web site’s post to be updated
    daily. It includes good material.